ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Manager

v1.0.0

Manages skill distribution and visibility across AI agents using a two-layer, two-dimension Universal Skill Manager with syncing and scope control.

0· 100·0 current·0 all-time
byHulk@hulk-yin

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for hulk-yin/skill-manager-usm.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Skill Manager" (hulk-yin/skill-manager-usm) from ClawHub.
Skill page: https://clawhub.ai/hulk-yin/skill-manager-usm
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install skill-manager-usm

ClawHub CLI

Package manager switcher

npx clawhub@latest install skill-manager-usm
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (manage distribution and visibility of skills) aligns with the provided scripts and documentation: the code implements a hub + agent directories model and symlink-based distribution. Requesting no network credentials and no external binaries is consistent with a purely local filesystem manager.
!
Instruction Scope
SKILL.md instructs the agent/operator to run included scripts (sync_skills.sh, migrate_to_hub.sh) and to edit meta.yaml files. Those instructions entail reading and modifying many user-home directories (e.g., ~/.skills, ~/.claude/skills, ~/.cursor/skills, ~/.openclaw/skills) and writing/removing files and symlinks. The provisioning guidance defaults to making skills 'universal' when uncertain, which increases scope/visibility automatically. The instructions do not require explicit user confirmation before destructive operations (the scripts have a --dry-run flag but SKILL.md emphasizes 'MUST run' without mandating dry-run/confirmation).
Install Mechanism
There is no install spec or external downloads (lower supply-chain risk). However, this is not a pure documentation-only skill: it bundles two multi-thousand-byte shell scripts that will be executed against user directories. That increases risk relative to an instruction-only skill because these scripts can move, delete, and generate files on disk.
!
Credentials
The skill declares no required env vars or config paths, but the scripts implicitly require and modify configuration under $HOME (e.g., ~/.skills/, ~/.skills/agents.yaml, per-agent skill dirs). The implicit requirement to access and mutate multiple agent directories is not surfaced in requires.* metadata—this mismatch is noteworthy because the skill will act across the user's home tree without upfront declared scope.
Persistence & Privilege
The skill is not 'always: true' and does not request credentials. Still, it modifies global/local skill state (creating symlinks, moving directories, generating meta.yaml). Those are persistent changes to the filesystem and agent environments; they are legitimate for this manager but warrant explicit user consent and backups before execution.
What to consider before installing
This skill appears to implement what it claims, but it performs powerful filesystem operations that can move, overwrite, or remove skill directories and will by default make new/uncertain skills 'universal' (visible to all agents). Before installing or running it: 1) Inspect the two scripts (migrate_to_hub.sh and sync_skills.sh) yourself to confirm you understand what will change. 2) Run operations in --dry-run mode first (both scripts support it) and verify the reported actions. 3) Back up your ~/.skills and any agent skill directories. 4) Ensure ~/.skills/agents.yaml exists and is correct (the sync script will exit if missing). 5) Avoid running migrate_to_hub.sh without review—it uses mv, rm -rf and can delete or relocate directories. 6) Do not rely on the 'default to universal' rule if you want limited visibility—explicitly set scopes in meta.yaml. 7) Run these scripts as your normal (non-root) user and avoid automated/unreviewed autonomous invocation until you’ve validated behavior. If you are uncomfortable with the scripts manipulating home directories, consider a manual, incremental approach (create a test hub and test agent dirs) or decline installation.

Like a lobster shell, security has layers — review code before you run it.

latestvk971v2p65j0az95c8cssm050an83f330
100downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Hulk@hulk-yin
latest
Download

Skill Manager

You are the central manager of the Universal Skill Manager (USM) architecture.

This system resolves the fragmentation of skills across multiple AI Agents (Cursor, Claude Code, Codex, Gemini, OpenClaw, etc.) by maintaining a Single Source of Truth for skills.

The Architecture (2-Layer 2-Dimension)

  • 2 Layers:

    1. ~/.skills/ (Global Hub) and ./.skills/ (Project Hub): This is where the physical skill files natively reside.
    2. Agent Directories (e.g., ~/.claude/skills/, ~/.openclaw/skills/): These directories simply contain symlinks pointing to the real skills in the Hub.

  • 2 Dimensions (Scope / Visibility):

    1. universal: A skill available to ALL registered Agents.
    2. Specific (e.g. claude_code, cursor): A skill restricted to specific Agents only.

Specialist Agents (Progressive Disclosure)

When performing complex setup or configuration tasks, read the specialized instructions for the corresponding domain:

  1. New Skill Provisioning: (Setting up meta.yaml and distributing a newly created/installed skill) 👉 Read agents/provision_agent.md

Your Responsibilities

1. Synchronizing Skills

Whenever a new skill is created (by skill-creator), a skill is installed (by skill-installer), or a skill's metadata is changed, you MUST run the synchronization script to update the symlinks.

Command:

bash ~/.skills/skill-manager/scripts/sync_skills.sh

Add --project-dir <path> if you need to synchronize project-level skills as well.

2. Managing Agent Platforms

The list of supported Agent platforms and their directories is stored in ~/.skills/agents.yaml. If the user wants to add support for a new Agent, manually add it to agents.yaml and then run the sync script.

3. Modifying Skill Scope

Each skill in the Hub has a meta.yaml file defining its dimension. Schema details are in references/meta_schema.md.

Example meta.yaml:

name: "doubao-image-gen"
version: "1.0"
# "universal" applies to all agents
scope: "universal"
# Or target specific agents:
# scope:
#   - cursor
#   - openclaw

If the user says: "Make skill-xyz visible to Cursor", you edit ~/.skills/skill-xyz/meta.yaml to add cursor to its scope, then run sync_skills.sh.

4. Auditing Skill Distribution

If the user asks "Which skills are available to Claude?", you can check the scope fields in the various meta.yaml files in ~/.skills/, or simply list the contents of the ~/.claude/skills/ directory to see the symlinks.

Handoff & Lifecycle Integration

skill-manager acts as the Final Stage in the skill lifecycle.

  • From skill-creator: Once a new skill is drafted and verified, you are called to provision its metadata and sync it.
  • From skill-installer: Once a remote skill is downloaded, you are called to distribute it to the local agent directories.

CRITICAL: In these handoff scenarios, you MUST immediately read agents/provision_agent.md and follow its workflow to complete the task. Do not simply run the sync script without verifying the meta.yaml.

Comments

Loading comments...