Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Auto Config Skiller

v0.1.0

Provides one-click environment initialization, core skill installation, and configuration for OpenClaw users to streamline setup and dependencies.

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wuhongchen/auto-config-skiller.

Prompt preview: Install & Setup
Install the skill "Auto Config Skiller" (wuhongchen/auto-config-skiller) from ClawHub.
Skill page: https://clawhub.ai/wuhongchen/auto-config-skiller
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install auto-config-skiller

ClawHub CLI

npx clawhub@latest install auto-config-skiller

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

[!] Purpose & Capability

The SKILL.md promises one‑click environment initialization for OpenClaw which reasonably explains cloning repos and writing a .env, but the package metadata declares no required binaries/envs while the scripts clearly need git, python3, curl, npx and network access. That mismatch (declaring nothing required while the code invokes many external tools) is incoherent and lowers trust.

[!] Instruction Scope

Runtime instructions tell the agent/user to run ./setup.sh which runs diagnose_and_install.py and can: clone many repositories, run npx packages, prompt for and write secrets into .env, test network connectivity, and call out to external install endpoints. The SKILL.md also advertises '免登录安装'/'绕过登录' (bypass login) which implies behavior that circumvents normal auth flows — that is scope‑creep relative to a benign setup tool and raises red flags about possible misuse of alternative sources.

[!] Install Mechanism

There is no formal install spec, but the Python script runs a shell command that executes a remote installer via curl -fsSL https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/install.sh | bash. Downloading and piping an installer from a third‑party COS URL to bash is high risk. The scripts also invoke npx (which can fetch and execute remote packages) and clone multiple Git repos; these are normal for installers but the use of an unofficial COS URL and the explicit 'bypass login' behavior is notable and risky.

[!] Credentials

The skill metadata lists no required environment variables, yet the interactive installer prompts for and writes keys such as FEISHU_APP_ID/SECRET and OPENAI_API_KEY into .env. Asking for these values during setup can be legitimate, but the skill does not declare them up front and the code will run remote installers — if you provide secrets they will be stored locally and could be used by code fetched from external sources. No explicit exfiltration is present in the visible code, but the combination of remote installs and secret prompts is disproportionate without stronger provenance.

Persistence & Privilege

The skill is not always-enabled and does not declare elevated privileges. However, running the provided scripts will install CLIs (SkillHub), clone repositories, and modify local .env and user-local bin path in the current process. Autonomous invocation is allowed by default (not flagged by itself), so if an agent were to run these scripts they would effect system changes — consider this when permitting autonomous execution.

What to consider before installing

This package is plausible for a one‑click OpenClaw setup, but exercise caution before running it. Key points:

  1. Do not run the installer (setup.sh or the curl|bash URL) on a production machine or as root without auditing the downloaded script. The installer is fetched from a third‑party COS URL rather than an official project domain.
  2. Review the remote install script (https://skillhub-1388575217.cos.ap-guangzhou.myqcloud.com/install/install.sh) before executing; prefer official installer sources.
  3. Because the tool prompts for secrets (Feishu keys, OPENAI_API_KEY), avoid entering real credentials until you verify all downloaded code and trust the source — consider using temporary/test keys.
  4. Run the setup in an isolated VM or container if you want to trial it.
  5. If the maintainer can provide a trustworthy homepage, signed release artifacts, or move the installer to an official project/release location (and remove 'bypass login' claims), re-evaluate — that would reduce risk and could shift this to benign.
  6. If you need help auditing the remote install script or the remainder of the truncated persona/installation logic, provide the full contents and I can analyze them for hidden endpoints or exfiltration.

Like a lobster shell, security has layers — review code before you run it.

latest vk9799mbb412ptbncvjhp7gq8hs82vyt6
297 downloads
0 stars
1 version
Updated 11h ago
v0.1.0
MIT-0

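Auto Config Skiller (Automatic Configuration Assistant)

This skill provides OpenClaw users with one-click environment initialization, basic skill installation, and core configuration.

Scenario

Once you have a basic OpenClaw installation in place, you can use this skill to quickly fill in the core Skills and Python dependencies that the "Little Lobster" ecosystem needs, avoiding the tedium of manually cloning repositories and configuring .env.

Core Category Layout

To make OpenClaw more capable, we divide skills into the following four core dimensions:

  1. Communication
    • Feishu-OpenClaw: the official Feishu plugin, with deep integration for documents, group chats, calendar, and Meego.
  2. Basic Tools
    • CN-Life Toolkit: everyday services for mainland China (weather, parcel tracking, fuel prices, etc.).
    • Exec Tool / Web Search: core execution and search capabilities.
  3. Optimization Tools
    • Skill-Self-Improving: lets the AI optimize itself through interaction.
    • ClawRouter: intelligent routing to optimize cost.
  4. Security Tools - [Required]
    • Skill-Vetter: the skill audit master, the first line of defense before installing other skills.
    • Clawscan: security scanning.

Workflows

  1. Environment Diagnosis
    • Official channel: integrates the Feishu diagnosis and repair tool openclaw-lark-tools
    • Configuration self-check: automatically identifies the state of the .env configuration file and directory write permissions.
    • Resource assessment: checks basic hardware status such as disk space.
  2. Category Research
    • Automatically pulls the ClawHub recommended list and identifies core tools.
  3. Full Auto-Install
    • One-click start: launch the foolproof configuration flow via ./setup.sh.
    • Multi-source acceleration: integrates ClawHub and Tencent SkillHub, automatically bypassing login restrictions and network obstacles.
    • Interactive environment configuration: no more manual editing of .env.example; parameters are configured conversationally.
    • Soul injection: presets the agency-agents library for one-click download of highly rated AI persona prompts.

For detailed operating instructions and scenario descriptions, see: Usage Guide (USAGE_GUIDE.md)

Maintainer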

Antigravity
