Dynamic Skill Manager
v1.0.1
Track and manage OpenClaw skills usage, find idle skills, and safely uninstall unused ones. Use when: - User wants to see what skills are installed or track...
Security Scan
OpenClaw
Benign (medium confidence)
Purpose & Capability
Name/description match what the code and SKILL.md do: enumerate, track, find idle skills, archive and uninstall skills under ~/.openclaw/workspace/skills. Only python3 is required and no unrelated services or credentials are requested.
Instruction Scope
Instructions and the script operate only on local OpenClaw paths (registry, usage log, skills directory). They perform destructive actions (shutil.rmtree on skill directories), which is expected of an uninstall tool, and they log usage context to disk. This matches the stated functionality, but note two consequences: usage context is stored locally in plaintext, and invoking uninstall deletes skill files irrevocably unless the skill was archived or backed up first.
Install Mechanism
No external install or remote download steps; it's an instruction-only skill with an included Python script. Nothing is fetched from arbitrary URLs or package registries.
Credentials
No environment variables, credentials, or unrelated config paths are requested. The requested filesystem access is proportional to the purpose (reading/writing ~/.openclaw workspace files).
Persistence & Privilege
The skill is not always-enabled and requests no special platform privileges. It can, however, delete skill directories and update registry files; if the agent is allowed to invoke the skill autonomously (model invocation is not disabled by default), an LLM could trigger uninstall operations without explicit user confirmation. Consider requiring explicit user confirmation for destructive actions, or disabling autonomous invocation, if you want to limit that risk.
Assessment
This skill appears to do what it claims, managing and removing local skills, and it does not request unrelated credentials or external downloads. Things to consider before installing or enabling autonomous use:
- Back up your ~/.openclaw/workspace/skills and registry before running uninstall/sync operations, because uninstall will remove directories with shutil.rmtree.
- Usage logs (context strings) are written to ~/.openclaw/workspace/.skill-manager/usage-log.jsonl unencrypted; avoid sending sensitive user data into the track command or consider rotating/clearing logs.
- There is an implementation issue in the uninstall logic: the code calls Path.resolve() before checking for symlinks. If is_symlink() is then evaluated on the resolved path, it is always false, because resolve() has already followed the link; a symlink placed in the skills directory and pointing at another skill would pass the check. There is also a TOCTOU window between the path checks and the shutil.rmtree() call, in which a checked path component can be swapped for a symlink. If you plan to use this in a multi-user or adversarial environment, ask the author to patch the uninstall logic: call is_symlink() (or os.lstat) on the unresolved path and inspect each path component, delete with fd-relative operations or re-verify immediately before removal, and require extra confirmation for risky operations.
- Consider disabling autonomous model invocation for this skill or requiring explicit user confirmation for uninstall operations to reduce the risk of accidental or automated deletions of skills (especially when using the --force option which overrides system-skill protection).
If you want higher assurance, request the complete, untruncated source and ask the author to demonstrate fixes for the symlink/TOCTOU concerns and to add an explicit user confirmation step for destructive actions.
Runtime requirements
🧩 Clawdis
Bins: python3 (latest)
Dynamic Skill Manager
Track skill usage, find idle skills, and safely manage skill lifecycle.
⚠️ Security Notice
v0.2.0 includes critical security fixes:
- Path traversal vulnerability fixed in uninstall_skill()
- Input validation for all skill names
- Symlink attack prevention
- System skill protection
Core Concepts
| Concept | Description |
|---|---|
| Dynamic Skill | Installed on demand; can be cleaned up |
| Pinned Skill | System skill; protected and cannot be deleted |
| Registry | Storage for skill metadata |
Automatically protected system skills: self-improving-agent, pahf, error-log-selfcheck, dynamic-skill-manager
Quick Start
# Sync installed skills into the registry
python3 ~/.openclaw/workspace/skills/dynamic-skill-manager/scripts/skill_manager.py sync
# List all skills (📌 = pinned)
python3 ~/.openclaw/workspace/skills/dynamic-skill-manager/scripts/skill_manager.py list
# Show system (pinned) skills
python3 ~/.openclaw/workspace/skills/dynamic-skill-manager/scripts/skill_manager.py pinned
# Find idle skills (not used for N days)
python3 ~/.openclaw/workspace/skills/dynamic-skill-manager/scripts/skill_manager.py idle 30
# Safely uninstall a skill (the name is validated)
python3 ~/.openclaw/workspace/skills/dynamic-skill-manager/scripts/skill_manager.py uninstall <skill-name>
# Record a skill use
python3 ~/.openclaw/workspace/skills/dynamic-skill-manager/scripts/skill_manager.py track <skill> "<context>"
Data Location
~/.openclaw/workspace/.skill-manager/
├── registry.json # Skill metadata
├── usage-log.jsonl # Usage history
└── archive/ # Metadata of uninstalled skills
Registry Schema
{
"skills": {
"skill-name": {
"installed_at": "2026-03-07T03:00:00Z",
"source": "clawhub",
"usage_count": 5,
"last_used": "2026-03-07T03:00:00Z",
"context_keywords": ["keyword1"],
"pinned": false
}
}
}
Integration Points
- After skill use: track_usage(skill_name, context_summary)
- On user request: list_skills(), find_idle_skills(days)
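The registry schema and the two integration points above, exercised as an added example that is not the skill's own code: the registry content is constructed for the example, the never-used skill counts as idle from its installed_at, and the shape of the usage-log record returned by track_usage is an assumption, since the page does not show the JSONL line format.

```python
import json
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Constructed registry in the schema shown above (not real data from the skill).
REGISTRY_JSON = """{
  "skills": {
    "weather-lookup": {"installed_at": "2026-01-05T10:00:00Z", "source": "clawhub",
      "usage_count": 12, "last_used": "2026-02-01T09:30:00Z",
      "context_keywords": ["forecast"], "pinned": false},
    "pdf-summarizer": {"installed_at": "2026-03-01T08:00:00Z", "source": "clawhub",
      "usage_count": 0, "last_used": null, "context_keywords": [], "pinned": false},
    "dynamic-skill-manager": {"installed_at": "2025-12-01T00:00:00Z", "source": "clawhub",
      "usage_count": 3, "last_used": "2026-01-02T00:00:00Z",
      "context_keywords": ["uninstall"], "pinned": true},
    "fresh-skill": {"installed_at": "2026-03-06T12:00:00Z", "source": "clawhub",
      "usage_count": 1, "last_used": "2026-03-06T12:05:00Z",
      "context_keywords": [], "pinned": false}
  }
}"""


def parse_ts(value: Optional[str]) -> Optional[datetime]:
    """Registry timestamps are UTC with a trailing Z, which fromisoformat rejects before 3.11."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def fmt_ts(dt: datetime) -> str:
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")


def find_idle_skills(registry: Dict, days: int, now: datetime) -> List[Tuple[str, int]]:
    """(name, idle_days) for non-pinned skills with no activity in the last `days` days.
    A skill that was never tracked is measured from installed_at, so an untouched
    install surfaces instead of hiding behind a null last_used. Pinned skills are
    never reported, matching the README's system-skill protection."""
    cutoff = now - timedelta(days=days)
    idle = []
    for name, meta in registry["skills"].items():
        if meta.get("pinned"):
            continue
        last = parse_ts(meta.get("last_used")) or parse_ts(meta["installed_at"])
        if last < cutoff:
            idle.append((name, (now - last).days))
    return sorted(idle, key=lambda item: -item[1])


def track_usage(registry: Dict, name: str, context: str, now: datetime) -> Dict:
    """Update the registry entry and return the record that would be appended to
    usage-log.jsonl (assumed shape). The context lands on disk in plaintext, so keep
    secrets and personal data out of it."""
    meta = registry["skills"][name]
    meta["usage_count"] += 1
    meta["last_used"] = fmt_ts(now)
    return {"ts": fmt_ts(now), "skill": name, "context": context}


def demo() -> Dict:
    registry = json.loads(REGISTRY_JSON)
    now = datetime(2026, 3, 7, 3, 0, tzinfo=timezone.utc)  # fixed clock for reproducibility
    idle_30 = find_idle_skills(registry, 30, now)
    idle_5 = find_idle_skills(registry, 5, now)
    log_line = track_usage(registry, "weather-lookup", "forecast for tomorrow", now)
    idle_30_after = find_idle_skills(registry, 30, now)
    return {
        "idle_30": idle_30,
        "idle_5": idle_5,
        "log_line": log_line,
        "idle_30_after": idle_30_after,
        "usage_count": registry["skills"]["weather-lookup"]["usage_count"],
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

With the constructed data, a 30-day sweep reports only weather-lookup (33 days idle); a 5-day sweep adds pdf-summarizer, which was installed but never tracked; dynamic-skill-manager is older than both thresholds but is pinned and therefore never suggested for removal. After one track call, weather-lookup drops out of the idle list.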
Security Features
The uninstall_skill() function includes multiple safety checks:
- Input Validation: Skill names must be alphanumeric with dashes/underscores only
- Path Traversal Prevention: Resolves paths and verifies containment within skills directory
- Symlink Detection: Rejects symlinks to prevent attacks
- System Skill Protection: Prevents accidental deletion of critical skills
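To make concrete both the safety checks listed above and the resolve()-before-is_symlink() ordering raised in the security scan, here is an added example that is not the project's own code (the real skill_manager.py is not reproduced on this page). It puts the flawed ordering beside a hardened check: the name regex (leading alphanumeric, 64-character cap), the PINNED_SKILLS set taken from the README, the remove_tree_fd helper and the temporary skills directory built in demo() are all assumptions of this example, standing in for ~/.openclaw/workspace/skills.

```python
import os
import re
import shutil
import stat
import tempfile
from pathlib import Path
from typing import Optional

# Assumed name policy: alphanumeric, dash, underscore; must start alphanumeric.
SKILL_NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]{0,63}$")
# System skills the README lists as protected.
PINNED_SKILLS = {"self-improving-agent", "pahf", "error-log-selfcheck", "dynamic-skill-manager"}


def validate_skill_name(name: str) -> bool:
    """Rejects '', '..', slashes, spaces and anything else outside the allow-list."""
    return bool(SKILL_NAME_RE.fullmatch(name))


def resolve_skill_dir_unsafe(skills_dir: Path, name: str) -> Optional[Path]:
    """The ordering the scan flags: resolve() first, is_symlink() second. resolve()
    follows the link, so is_symlink() on the result is always False, and a symlink
    inside skills_dir pointing at another skill passes both checks."""
    target = (skills_dir / name).resolve()
    if target.is_symlink():  # never true after resolve()
        return None
    if skills_dir.resolve() not in target.parents:
        return None
    return target


def check_skill_dir(skills_dir: Path, name: str) -> Optional[Path]:
    """Hardened check: allow-listed name, pinned list, lstat on the UNRESOLVED path,
    then containment. Returns the unresolved path so deletion does not follow links."""
    if not validate_skill_name(name) or name in PINNED_SKILLS:
        return None
    candidate = skills_dir / name
    try:
        st = os.lstat(candidate)  # does not follow a final-component symlink
    except FileNotFoundError:
        return None
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        return None
    # Defense in depth: the validated name has no separators, but confirm the real
    # directory is a direct child of the real skills directory anyway.
    if candidate.resolve().parent != skills_dir.resolve():
        return None
    return candidate


def remove_tree_fd(top: Path) -> int:
    """Delete a checked directory with fd-relative calls. os.fwalk opens each directory,
    re-checks it with lstat/fstat and never descends into symlinks, so a component swapped
    for a symlink after check_skill_dir() ran is not followed. Returns entries removed."""
    removed = 0
    for _path, dirnames, filenames, dirfd in os.fwalk(top, topdown=False, follow_symlinks=False):
        for f in filenames:
            os.unlink(f, dir_fd=dirfd)
            removed += 1
        for d in dirnames:
            # A symlink to a directory is listed in dirnames but was not descended into.
            if stat.S_ISLNK(os.lstat(d, dir_fd=dirfd).st_mode):
                os.unlink(d, dir_fd=dirfd)  # remove the link, never its target
            else:
                os.rmdir(d, dir_fd=dirfd)  # already emptied because topdown=False
            removed += 1
    os.rmdir(top)  # rmdir never follows symlinks
    return removed


def demo() -> dict:
    """Constructed skills tree in a temp dir: one real skill, one pinned skill,
    a symlink posing as a skill, and a symlink inside the real skill pointing out."""
    tmp = Path(tempfile.mkdtemp())
    skills = tmp / "skills"
    foo = skills / "foo-skill"
    (foo / "scripts").mkdir(parents=True)
    (foo / "SKILL.md").write_text("# foo\n")
    (foo / "scripts" / "run.py").write_text("print('hi')\n")
    pinned = skills / "dynamic-skill-manager"
    pinned.mkdir()
    (pinned / "SKILL.md").write_text("# protected\n")
    (skills / "evil-link").symlink_to(pinned, target_is_directory=True)
    (foo / "escape").symlink_to(pinned, target_is_directory=True)
    results = {
        "bad_name_rejected": not validate_skill_name("../dynamic-skill-manager"),
        # Flawed check hands back the protected skill's real directory for the link name.
        "unsafe_accepts_symlink": resolve_skill_dir_unsafe(skills, "evil-link") == pinned.resolve(),
        "hardened_rejects_symlink": check_skill_dir(skills, "evil-link") is None,
        "hardened_rejects_pinned": check_skill_dir(skills, "dynamic-skill-manager") is None,
    }
    results["removed_entries"] = remove_tree_fd(check_skill_dir(skills, "foo-skill"))
    results["skill_gone"] = not foo.exists()
    results["pinned_intact"] = (pinned / "SKILL.md").exists()  # only the link was removed
    shutil.rmtree(tmp)
    return results


if __name__ == "__main__":
    print(demo())
```

The flawed variant returns the protected skill's real directory when handed the link name, and a pinned-name test on "evil-link" would not fire, so rmtree on that result would delete a system skill. The hardened variant sees the link because os.lstat runs on the unresolved path, and deletion via os.fwalk and dir_fd-relative calls means a link planted inside the skill is unlinked rather than followed. This narrows the TOCTOU window rather than closing it entirely; paired with a confirmation prompt it is what the scan asks the author for. os.fwalk is Unix-only.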
Script Reference
See scripts/skill_manager.py for implementation.
