openclaw-skill-generator
ReviewAudited by ClawScan on May 13, 2026.
Overview
The skill mostly matches its stated purpose, but it can automatically install tools and write backups outside the OpenClaw folder, so users should review its behavior before enabling it.
Use this skill only if you are comfortable with it creating persistent OpenClaw skill folders. Before running it, confirm Node.js setup manually if needed, reject any unapproved package-install commands, and choose a safe backup directory under your OpenClaw folder.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could install or configure software on the user's machine before clearly asking for permission.
The troubleshooting guide tells the agent to automatically run installation commands when possible, including package-manager commands that can alter the local system.
如果当前环境允许自动执行安装命令,并且具备相应权限,应优先自动安装。 ... Ubuntu / Debian | apt | `sudo apt update && sudo apt install nodejs npm`
Require explicit user confirmation before any package installation, system configuration, sudo, winget, brew, apt, yum, npm, or similar environment-changing command.
Backups may be written to an unexpected or protected system location, potentially failing due to permissions or leaving copies of skill contents somewhere the user did not expect.
The backup helper defaults to recursively copying a skill directory into a root-level backup location rather than keeping backups under the .openclaw skill area.
把当前版本备份到系统根目录下的 skill-backups 文件夹 ... return path.join(parsed.root || path.sep, "skill-backups");
Default backups to a scoped location such as .openclaw/backups, and ask the user before writing anywhere outside the OpenClaw skills directory.
The skill may fail or enter its tool-setup flow if Node.js is missing, even though the registry does not advertise that dependency.
The README requires Node.js, while the supplied registry metadata declares no required binaries or install spec, so prerequisite checks may be incomplete.
## Requirements - OpenClaw installed and working - Node.js available on PATH (`node --version`)
Declare Node.js as a required binary in metadata or provide a clear install spec so users understand the prerequisite before use.
A generated or replaced skill can persist beyond the current chat and affect future OpenClaw routing.
The skill is designed to deploy generated content into the active OpenClaw skills directory, where it can influence future agent behavior.
Phase 5:部署安装到目标 skill 目录(可处理同名冲突、替换安装)
Review the generated SKILL.md and helper scripts before installing or replacing an existing skill.