AutoSkills CLI

v1.0.0

AutoSkills - 智能AgentSkills自动检测与安装系统。自动检测项目类型（Web/Python/学术/金融等），推荐并安装对应的AgentSkills。触发词：autoskills、项目类型检测、智能安装。

⭐ 0· 15·0 current·0 all-time

byAdam@adamwgp

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The SKILL.md claims automated detection and one‑click installation of AgentSkills (including auto-activating finance/marketing skills and integrating with 'Hunter Agent' / ClawHub). However the skill metadata declares no required binaries, no install spec, and no required env/config paths. The documentation instructs users/agents to run `npx our-autoskills` and `npm install -g our-autoskills` (which require Node/npm available and will download remote code) but Node/npm are not listed as required. The automatic activation of other skills (and checking ClawHub CLI) implies access to local agent state and possibly credentials, but none are declared.

ℹ

Instruction Scope

SKILL.md instructs running npx/npm commands which will fetch and execute remote packages from the npm ecosystem; it also lists checks (Node version, ClawHub CLI, Skills directory, installed Skills). The file-pattern detection logic (package.json, requirements.txt, *.tex) is consistent with the stated purpose, but the instructions give the agent the authority to download and run external code and to inspect the repository filesystem — this is expected for a detector/installer but carries execution risk and should be made explicit.

Install Mechanism

There is no formal install spec in the metadata, but the SKILL.md relies on npx/npm to obtain and run the implementation. That means the runtime will perform network downloads and execute code from the npm registry (source and registry not pinned or shown). Instruction-only skills that tell agents to run npx present a high-risk install vector because arbitrary code is fetched and executed at runtime; the skill does not document or pin the exact package version or provide checksums.

ℹ

Credentials

The skill declares no required environment variables or credentials, which is good surface-wise, but it's inconsistent with its stated behavior of auto-activating other Skills and integrating with external tooling (ClawHub, Hunter Agent, Jarvis-Invest, Sains CRM). Those actions commonly require tokens or CLI access. The lack of declared credentials or explicit prompts/flows for obtaining them is an omission that makes it unclear how activations will be authorized.

✓

Persistence & Privilege

always:false and user-invocable:true (normal). The SKILL.md suggests modifying local state (installing skills, activating integrations) but does not declare an always:true or other elevated persistence. Autonomous invocation is allowed by default which increases blast radius if the installed package is malicious, but there is no direct request to permanently alter other skills' configuration in the metadata.

What to consider before installing

This SKILL.md is an instruction-only wrapper that tells an agent to run `npx our-autoskills` / `npm install -g our-autoskills`. That will download and run code from the npm registry — do not run it blindly. Before installing or authorizing this skill, verify the npm package and GitHub source: inspect the package contents, confirm the maintainer identity, and review what the package will read/modify (skills list, ClawHub/agent config). Ensure Node/npm are present in a safe environment (e.g., sandbox or VM), and require explicit listing of the exact package version, checksum, and any credentials that will be used. If you expect the skill to auto-activate other skills or access agent tooling, ask the maintainer to declare required binaries, config paths, and any tokens/permissions, or perform these activations manually after review.

Like a lobster shell, security has layers — review code before you run it.

agentvk974pbxthep22qp3hdtm64ac51847w5dautomationvk974pbxthep22qp3hdtm64ac51847w5dautoskillsvk974pbxthep22qp3hdtm64ac51847w5dlatestvk974pbxthep22qp3hdtm64ac51847w5dopenclawvk974pbxthep22qp3hdtm64ac51847w5d

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

AutoSkills - 智能AgentSkills系统

功能

1. 项目技术栈自动检测

支持检测以下项目类型：

🌐 Web项目: React/Vue/Angular/Next.js/Nuxt.js
🐍 Python项目: Django/Flask/FastAPI/Pandas
📚 学术项目: LaTeX论文/ArXiv/Thesis
💰 金融项目: 股票/加密货币/量化交易
📈 营销项目: CRM/Sales/Pipeline
🎬 媒体项目: 视频/音频/字幕处理

2. 智能Skills匹配

根据检测到的项目类型，自动推荐最合适的AgentSkills：

Web → agent-reach, playwright-scraper, web-research-assistant
Python → csv-analyzer, stock-analysis, pymupdf-pdf-parser
Academic → phd-revision-agent, humanizer-pipeline, verification-gate-phd
Finance → jarvis-invest, stock-analysis, yahoo-finance-cli, personal-cfo
Marketing → sains-crm, sales-pipeline-tracker, social-media-manager

3. 一键安装

npx our-autoskills

4. 与Hunter Agent集成

Finance项目自动激活Jarvis-Invest
Marketing项目自动激活Sains CRM

命令

npx our-autoskills        # 完整检测+推荐+集成
npx our-autoskills detect # 仅检测项目类型
npx our-autoskills install # 安装推荐的Skills
npx our-autoskills list   # 查看所有可用Skills
npx our-autoskills doctor # 系统检查

系统检查

npx our-autoskills doctor

检查项：

Node.js 版本
ClawHub CLI 状态
Skills 目录状态
已安装Skills统计

安装

npm install -g our-autoskills
# 或
npx our-autoskills

技术栈检测算法

检测器使用多维度评分：

文件模式匹配 (权重: 2)
- package.json → Web项目
- requirements.txt → Python项目
- *.tex, *.bib → 学术项目
关键词扫描 (权重: 1)
- README.md内容分析
- 代码文件关键词

Skills注册表

内置27+个预配置Skills：

System级: token-manager, model-router, structured-context-compressor, clawflow
Web级: agent-reach, web-research-assistant, playwright-scraper
Academic级: phd-revision-agent, humanizer-pipeline, verification-gate-phd
Finance级: jarvis-invest, stock-analysis, yahoo-finance-cli
Marketing级: sains-crm, sales-pipeline-tracker, closing-deals

Files

1 total

Select a file

Select a file to preview.

Comments

Loading comments…