Skillminer

v0.4.4

Suggest reusable skills from recurring patterns in local memory files. Human review gate, drafts only to skills/_pending/, local-first runner with optional e...

Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (scan local memory, suggest skills, draft into skills/_pending/) matches the actual inputs, outputs, and dependencies. Required binaries (bash, jq, git, date, flock, openclaw) are appropriate for a local filesystem-scanning, templating, and OpenClaw-invoking tool. There are no unrelated credential requests or unexpected external services declared.
Instruction Scope
The runtime prompts and wrapper scripts explicitly read memory/YYYY-MM-DD*.md files, update local state under state/, and draft SKILL.md into skills/_pending/. The prompts include many hard rules (slug validation, atomic writes, don't auto-activate) and treat memory as untrusted data. Important: the wrapper runs nested agent work and can use an external runner (FORGE_RUNNER=claude) if you opt in — in that case prompt data will be sent to Anthropic. Reading local memory is necessary for the stated purpose, but it inherently exposes whatever sensitive content is in those files to the skill's analysis and, if the external fallback is enabled, to a third party.
Install Mechanism
No external download/install spec is present (the skill is distributed as scripts and docs), and the included scripts use standard shell tools and atomic-write helpers. There are no installers pulling code from arbitrary URLs; setup.sh and scripts are local and visible for review. The single risk to note is that setup.sh may create a convenience symlink under /usr/local/bin when run as root — run with non-root or inspect before running if you have concerns.
Credentials
The skill requests no secrets or credentials and declares only an optional CLAWD_DIR and an opt-in FORGE_RUNNER. That optional env var is explicitly documented as causing external network egress when set to 'claude'. No other unrelated environment variables, tokens, or config paths are requested.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills' configuration. It runs as a normal, user-invocable skill and writes only to its own state/ and skills/_pending/ workspace. Autonomous invocation is allowed by platform default; combined with the opt-in external runner this increases blast radius only if the user enables FORGE_RUNNER=claude.
Assessment
This skill is internally coherent with what it says it will do, but review and act cautiously:
  1) Inspect the scripts (especially setup.sh and the run-*.sh wrappers) before running; do not run setup.sh as root unless you understand the symlink step.
  2) Run one manual scan (CLAWD_DIR="${CLAWD_DIR:-$HOME/clawd}" bash scripts/run-nightly-scan.sh) and inspect state/review/ and state/logs/ output before scheduling automated runs.
  3) Keep your memory/ files free of secrets (API keys, passwords, tokens) — the skill reads them to find patterns.
  4) Do NOT set FORGE_RUNNER=claude unless you explicitly accept that prompt data (excerpts of your local memory used as analysis context) will be sent to Anthropic; by default the runner stays local (openclaw).
  5) Use cron delivery.mode: "announce" as documented so the skill's dispatcher only posts summaries and does not itself perform network writes.
If you need higher assurance, run the skill in a restricted environment or review the full scripts and prompts line-by-line before installing.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Bins: jq, bash, date, git, openclaw, flock
latest vk977gdg83cf4k2g950h3e8tk1h854p24
112 downloads
0 stars
19 versions
Updated 4h ago
v0.4.4
MIT-0

skillminer ⚒️

Your AI assistant keeps solving the same problems. skillminer notices and suggests turning them into reusable skills.

skillminer watches your local memory files, spots recurring work, and surfaces the patterns worth keeping. No auto-activation, no cloud sync, no noise by default. A morning suggestion in your inbox when something actually deserves to become a skill.

Trust model

  • Human gate first, always. Nothing ships without your explicit accept.
  • Drafts go to skills/_pending/<slug>/, never to live skills.
  • Default runner is local OpenClaw. No data leaves the host.
  • FORGE_RUNNER=claude is an opt-in external fallback that sends prompt data to Anthropic's API.
  • Notifications are off by default; review files are written locally regardless.

Flow

nightly scan   reads recent memory/YYYY-MM-DD.md files
               detects recurring task patterns
               writes a review file to state/review/
               ↓
YOU DECIDE     forge accept / reject / defer / silence
               ↓
morning write  drafts a SKILL.md into skills/_pending/<slug>/
               you review it, promote it, ship it

Nothing goes live automatically. You stay in control at every step.

Quick start

openclaw skills install skillminer
cd "${CLAWD_DIR:-$HOME/clawd}/skills/skillminer"
bash setup.sh
CLAWD_DIR="${CLAWD_DIR:-$HOME/clawd}" bash scripts/run-nightly-scan.sh

If the manual scan looks good, add the printed scheduler jobs using the dispatcher prompts.

Environment

  • CLAWD_DIR — optional, defaults to ~/clawd
  • FORGE_RUNNER — defaults to openclaw (local). Set to claude only if you accept that prompt data leaves the host.

Commands

forge is the command prefix.

  • forge show — list current candidates
  • forge review — open the latest review file
  • forge accept <slug> — accept a candidate for the next morning write
  • forge reject <slug> "reason" — reject permanently
  • forge defer <slug> "reason" — defer with cooldown
  • forge silence <slug> "reason" — silence without cooldown
  • forge unsilence <slug> — resurface a silenced entry
  • forge promote <slug> — move a pending draft into live skills

Manual triggers

When you want a one-shot run without remembering full paths:

skillminer scan     # run nightly scan now
skillminer write    # run morning write now
skillminer full     # scan + write in sequence
skillminer status   # show current ledger state
skillminer help     # show usage

Security

  • Slug validation gates every filesystem-path boundary (regex-enforced)
  • Atomic state writes with backup rotation and JSON validation
  • flock-based single-instance guarantee across all entry points
  • Memory files are treated as untrusted data in the nightly scan prompt
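
The first two guarantees in the list above, sketched as an added example (not skillminer's own code). The slug rule, the function names and the ledger.json file are assumptions, since the page does not give them.

```shell
#!/bin/sh
# Added illustration; not skillminer's own code. The slug rule, function
# names and file layout are assumptions made for this example.
LC_ALL=C; export LC_ALL   # make [a-z] mean ASCII only

# Accept 1-64 chars of [a-z0-9-], starting and ending alphanumeric.
# A case pattern checks the whole string, so an embedded newline is
# rejected (a line-based grep '^...$' would accept "ok<newline>../x").
valid_slug() {
  [ "${#1}" -ge 1 ] && [ "${#1}" -le 64 ] || return 1
  case $1 in
    *[!a-z0-9-]*|-*|*-) return 1 ;;
  esac
  return 0
}

# Build skills/_pending/<slug> only from a slug that passed validation.
pending_dir() {  # $1 = workspace root, $2 = slug
  valid_slug "$2" || return 1
  printf '%s/skills/_pending/%s\n' "$1" "$2"
}

# jq is on the page's dependency list; python3 is a fallback added here.
json_ok() {
  [ -s "$1" ] || return 1   # an empty file is not valid state
  if command -v jq >/dev/null 2>&1; then jq . "$1" >/dev/null 2>&1
  else python3 -c 'import json,sys; json.load(open(sys.argv[1]))' "$1" 2>/dev/null
  fi
}

# Write new state beside the target, validate it, keep one backup,
# then rename into place so readers never see a partial file.
atomic_write_json() {  # $1 = target path, $2 = new JSON text
  tmp=$(mktemp "$1.tmp.XXXXXX") || return 1
  printf '%s\n' "$2" > "$tmp"
  if ! json_ok "$tmp"; then rm -f "$tmp"; return 1; fi
  if [ -f "$1" ]; then cp -p "$1" "$1.bak"; fi
  mv -f "$tmp" "$1"
}
```

The temporary file is created in the same directory as the target so the final mv is a rename on one filesystem rather than a copy.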

See README.md and USER_GUIDE.md for full docs.
