Skill Insight
v1.0.8Understand what your AI agent's skills are actually being used for — with usage reports, success/failure tracking, and unused-skill recommendations. Part of...
⭐ 1· 108·1 current·1 all-time
byYY@yingy4
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to analyze existing usage data and recommend unused skills; the repository provides registry, recording, reporting, analysis, and optional session-scanning scripts that match that purpose. The components requested/used (local files, optional cron, local gateway/CLI) are proportionate to the stated purpose.
Instruction Scope
Instructions are generally scoped to recording and analyzing local usage data and optionally scanning recent sessions. One potential clarity issue: the SKILL.md initially states "It does not automatically collect data for you," yet it documents an optional cron scan and a session-scanner that can automatically detect script-type invocations if the user enables them. The session scanner reads local session messages (via the local gateway API or openclaw CLI) in-memory to detect skill mentions; it does not persist message contents but does record session identifiers and auto-detected invocation metadata into usage.json.
Install Mechanism
There is no remote install or download step; all code is included. Risk is low because it does not fetch or execute remote archives. The scripts run locally and the recommended cron entry is a standard wrapper that invokes included scripts.
Credentials
The skill declares no required credentials. It optionally reads the user's ~/.openclaw/openclaw.json to discover the gateway port and makes HTTP calls to localhost and/or invokes the local openclaw CLI. This is coherent for session scanning but is a scope of access the user should be aware of (it must be able to read session lists/messages via the local gateway or CLI). An optional SKILL_USAGE_TRACKER_DIR environment variable can change where data is read/written.
Persistence & Privilege
The skill does not request permanent platform-wide privileges (always:false). It creates/uses a local data directory under the skill root (or ~/.openclaw/workspace/skills/skill-insight) and writes usage and registry JSON files. It does not modify other skills' configs or agent settings.
Assessment
This skill is a local analyzer/reporting tool; it will create and update data files (data/usage.json and data/skill_registry.json) in the skill directory (by default ~/.openclaw/workspace/skills/skill-insight/data). If you enable automatic scanning (cron or run scan_sessions.py) it will read recent OpenClaw session history via the local gateway API or the openclaw CLI to detect skill mentions. It does not transmit data off your machine and it does not require API keys, but it will read session messages in-memory and record auto-detection metadata (session identifiers, timestamps, and detection notes) into usage.json. Before installing or enabling the cron job: review and confirm the data directory location (use SKILL_USAGE_TRACKER_DIR to override), inspect the cron entry, and verify your OpenClaw gateway is bound to localhost (not exposed externally). If you prefer manual control, use the record.sh/record.py commands instead of enabling the cron/scanner. If you want extra assurance, run the scripts manually once to inspect the files they create and the exact contents written to usage.json and skill_registry.json.Like a lobster shell, security has layers — review code before you run it.
latestvk970zy7vxpwzfscq6gcp4vh0gd83rkvd
License
MIT-0
Free to use, modify, and redistribute. No attribution required.