ClawHub

procedural-distiller

v1.0.0

Distill successful multi-step OpenClaw sessions into reusable learned skills before compaction. Use when a task involved many tool calls, environment setup,...

0· 107·0 current·0 all-time
by曹广雨@xiaocaijic
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the included SKILL.md and distill_logic.py. Required capabilities (reading a trace, extracting events, writing skill files) align with the stated goal. No unrelated credentials, binaries, or install steps are requested.
!
Instruction Scope
The runtime instructions and the script read a user-supplied trace JSON and write a learned skill (SKILL.md, agents/openai.yaml, memory.json) under a skills/learned/ directory. This is expected, but the workflow explicitly preserves concrete commands, file paths, and code snippets from the trace without sanitization, which could capture and persist sensitive data (secrets, credentials, absolute paths).
Install Mechanism
No install spec; this is an instruction-only skill with an included Python script. That is low-risk—nothing is downloaded or executed automatically beyond running the provided script locally.
Credentials
The skill requests no environment variables or credentials (proportional). However, because it serializes whatever is in the trace into persistent files, it may store sensitive environment-derived data present in traces. The absence of declared credentials is appropriate, but users should verify trace contents before distillation.
Persistence & Privilege
always is false and the skill only writes files into an output-root/learned skill directory (default 'skills/learned/...'). It does not modify other skills, system-wide agent settings, or request permanent platform privileges.
Assessment
This skill does exactly what it says: it reads a provided trace JSON and writes a learned skill (SKILL.md, agents/openai.yaml, memory.json) containing concrete commands, file paths, and snippets. Before running: (1) inspect the trace for secrets, credentials, or sensitive paths and redact them if present; (2) run the script in a controlled environment and set --output-root to a directory you control; (3) consider lowering --max-events or raising --min-tool-calls to limit persisted data; (4) review generated files before sharing or committing them to version control. The tool does not exfiltrate data over the network, but it will persist whatever is in the trace—treat that output as potentially sensitive.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ehnshkmrgvzppg3h76n1wgn837x75

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments