ClawHub

Skill Quality Check

v1.0.4

Quality audit for AI Agent Skills. Use before installing or after writing any SKILL.md. Scores 5 dimensions with actionable improvements. Works for skills wr...

1· 103·0 current·0 all-time
byDenny@webkong
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and included files (SKILL.md, README, examples, references) align with a Skill-audit tool. There are no binaries, env vars, or config paths required that would be unrelated to auditing SKILL.md files.
Instruction Scope
Instructions explicitly tell the agent to read local SKILL.md files (common skill dirs are listed) and optionally fetch a remote SKILL.md via raw.githubusercontent.com using curl if no local copy exists — this is coherent for an audit tool. Note: the curl step implies network fetch of arbitrary public repo content; that is expected for remote audits but is a capability the user should be aware of.
Install Mechanism
No install spec or code files; instruction-only skills have low disk/write risk. Everything is documentation and examples; nothing will be downloaded or executed by default outside of optional user-invoked network fetch guidance.
Credentials
The skill requests no environment variables, no credentials, and no config paths. That is proportional for a documentation/audit skill.
Persistence & Privilege
always:false and no instructions to persist configuration, modify other skills, or change system-wide settings. The skill does not ask for elevated or permanent presence.
Assessment
This appears to be a coherent, documentation-only audit tool. Before using: (1) be aware the SKILL.md suggests fetching remote files with curl — only fetch SKILL.md from repositories you trust; network fetches can retrieve arbitrary content. (2) The audit reads SKILL.md and adjacent reference files in common skill directories (e.g., ~/.openclaw, ~/.claude); run it only if you consent to that file access. (3) Review the bundled references/examples yourself — the auditor's recommendations are only as good as its rulebook. If you plan to run automated CI checks, review and pin any scripts you add separately rather than relying solely on remote fetches.

Like a lobster shell, security has layers — review code before you run it.

auditvk977qny54m2c6sertgyvb1hj1183tezhbest-practicesvk977qny54m2c6sertgyvb1hj1183tezhclaudevk977qny54m2c6sertgyvb1hj1183tezhcodexvk977qny54m2c6sertgyvb1hj1183tezhcursorvk977qny54m2c6sertgyvb1hj1183tezhframeworkvk977qny54m2c6sertgyvb1hj1183tezhlatestvk977qny54m2c6sertgyvb1hj1183tezhopenclawvk977qny54m2c6sertgyvb1hj1183tezhskill-qualityvk977qny54m2c6sertgyvb1hj1183tezh

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments