ClawHub

Skill Router BZai

v1.0.0

Cost-effective skill selector for maximizing ROI on AI operations (增收降本版 v1.0.0). Use when the user needs to accomplish a task and wants the optimal skill ch...

0· 154·0 current·0 all-time
by@binziai7996

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for binziai7996/skill-router-bzai.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Skill Router BZai" (binziai7996/skill-router-bzai) from ClawHub.
Skill page: https://clawhub.ai/binziai7996/skill-router-bzai
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install skill-router-bzai

ClawHub CLI

Package manager switcher

npx clawhub@latest install skill-router-bzai
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill claims to discover local skills and search clawhub, evaluate them on quality/token/security/speed, present top-3 options, and execute a chosen skill. The included scripts call the expected CLIs (openclaw, clawhub), estimate costs, and implement evaluation logic. No unrelated binaries, env vars, or external credentials are requested.
Instruction Scope
SKILL.md instructs the agent to list local skills, search clawhub, run a security review, present recommendations, and—after user confirmation—install and execute a selected skill. That behavior is consistent with the router's purpose, but it involves installing and running third-party skills (potentially untrusted). The scripts perform downloads (clawhub download --dry-run) and run external CLIs; the skill defers final execution to user confirmation, which reduces risk. Also note the code contains placeholder/partial implementations for security checks and parsing, so the actual runtime checks may be weaker than the doc implies.
Install Mechanism
No install spec is provided (instruction-only skill plus bundled scripts). There are no network-download install steps embedded in the skill package itself. The only external interactions are via existing CLIs (openclaw, clawhub), which is appropriate for a router helper.
Credentials
The skill declares no required environment variables or credentials. It does read/write a history file under the user's home (~/.openclaw/workspace/skill-router-history.json) for cost/history tracking — this is reasonable for a router but is persisted to the user's filesystem. The scripts rely on external CLIs which may themselves use credentials; that is expected for a tool that searches/installs skills.
Persistence & Privilege
always:false (default) — no forced global presence. The skill writes a history file in ~/.openclaw/workspace, which is limited per-user but persistent. It may install and execute other skills (with user confirmation). This is expected functionality for a skill manager but expands its effective privileges by invoking third-party code; consider sandboxing or stricter verification before letting it run autonomously.
Assessment
This skill appears to do what it says: discover, score, and recommend skills from local installs and clawhub. Before installing or enabling it, consider the following: 1) It will call your local openclaw and clawhub CLIs and may install/run third‑party skills after you approve — only approve skills you trust or have inspected. 2) It persists history at ~/.openclaw/workspace/skill-router-history.json; if you prefer no local traces, remove/redirect that path. 3) The bundled security checks are partially placeholder-ish (e.g., evaluate_clawhub/check_security has minimal implementation and evaluate_local_skill assumes local skills are vetted). Don’t rely solely on this router’s automatic security score—manually review any skill flagged as high risk. 4) Run the router in a sandbox or test environment first if you expect strict security controls. If you want stronger guarantees, request that its security-check implementations perform concrete static scans, parse downloaded code, and refuse installs that fail those checks.

Like a lobster shell, security has layers — review code before you run it.

latestvk978bs6vrvdec6491cw3h09m7n832gcy
154downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@binziai7996
latest
Download

Skill Router (增收降本版 v1.0.0)

智能技能选择器 - 用于增收降本的 AI 操作优化工具。

自动选择并执行最优技能,在保证质量的前提下最小化 Token 成本。

When to Use

  • User wants to accomplish something but doesn't know which skill to use
  • Multiple skills could solve the same problem - need to pick the best one
  • Want to minimize token cost while maximizing quality
  • Need to evaluate skills from clawhub.com before installation

Workflow

1. Parse Task

Analyze user request and decompose into atomic subtasks if needed.

2. Discover Skills

Search for candidate skills:

  • List local installed skills: openclaw skills list
  • Search clawhub.com: clawhub search <keywords>

3. Evaluate Candidates

For each candidate skill, score on:

DimensionWeightEvaluation Criteria
Quality/Utility35%User ratings, downloads, functionality match
Token Cost30%Estimated input/output tokens based on skill complexity
Security/Reliability20%Code audit, permissions, update frequency, author trust
Speed15%API response time, execution efficiency

Scoring Algorithm:

final_score = (quality × 0.35) + (token_score × 0.30) + (security × 0.20) + (speed × 0.15)

4. Generate Recommendations

Present Top-3 ranked options:

  • Rank, skill name, final score
  • Breakdown by dimension
  • Estimated tokens and time
  • Reasoning for recommendation
  • Security assessment summary

5. User Confirmation

Wait for user to:

  • Select option (1, 2, or 3)
  • Request more details about a skill
  • Cancel or modify the task

6. Execute

After confirmation:

  • If skill not installed: clawhub install <skill>
  • Execute the skill with original user request
  • Record actual metrics vs estimates

Security Assessment

Before recommending any skill from clawhub:

  1. Code Review: Check for suspicious patterns (network calls, file system access, credential harvesting)
  2. Permission Analysis: Verify requested permissions match functionality
  3. Author Verification: Prefer verified authors, established projects
  4. Update Frequency: Recently updated skills are preferred
  5. Community Trust: Ratings, issues, download count

Red flags that disqualify a skill:

  • Requests excessive permissions for its stated purpose
  • Contains obfuscated code
  • Makes unexpected network calls
  • Has no recent updates and low community engagement

Token Estimation

Estimate token costs based on:

  • Skill description length/complexity
  • Historical usage data (if available)
  • Number of API calls required
  • Output format verbosity

Store actual vs estimated for continuous improvement.

Scripts

  • scripts/evaluate_skill.py - Score a skill across all dimensions
  • scripts/search_clawhub.py - Search and fetch skill metadata from clawhub
  • scripts/calculate_cost.py - Estimate token and time costs

References

  • references/evaluation-rubric.md - Detailed scoring criteria
  • references/security-checklist.md - Security audit checklist

Comments

Loading comments...