Skill Optimizer
v0.1.0Analyze the current conversation history and local installed skills to identify missed skill triggers, overlapping or duplicate skills, weak metadata, stale...
⭐ 0· 81·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description claim an audit of the current conversation and locally visible skills; the SKILL.md only asks the agent to read the conversation and local skill directories, produce a report, and wait for the user's confirmation before making edits — all of which align with the stated purpose.
Instruction Scope
Runtime instructions explicitly tell the agent to scan the current thread and 'locally visible skill directories' (examples provided). This is appropriate for an optimizer, but the instructions do not strictly limit scanning to a small set of safe paths — there is a small risk the agent could search broader workspace files if 'locally visible' is interpreted widely. The SKILL.md does, however, require editing only after explicit user selection and instructs the agent not to modify files during analysis.
Install Mechanism
No install spec, no code files to write or execute. Instruction-only skills are lowest-risk from an install perspective.
Credentials
The skill declares no required environment variables, binaries, or credentials. The only resource access it needs is file-system visibility to skill directories and access to the current conversation, which is proportionate to the audit task. Note: if user skills store secrets in their skill files or nearby config, the auditor could read those files unless the user confines the scan scope.
Persistence & Privilege
always is false and model invocation is allowed (default). The skill does not request persistent installation, nor does it claim to modify other skills without explicit user confirmation. Autonomous invocation is normal platform behavior and not by itself concerning here.
Assessment
This skill appears coherent and appropriate for auditing local skills, but before running it you should: (1) confirm which directories it may scan (e.g., ./skills, ./.agents/skills) so it does not access unrelated sensitive files; (2) prefer running an initial dry-run read-only audit and review the generated report before allowing any edits; (3) avoid storing secrets in skill files or in locations that the auditor will scan, or explicitly exclude those paths; and (4) when presented with the action queue, verify targets (absolute paths) before choosing Delete or Merge. If you want stronger safeguards, ask the skill to limit its scan to explicit paths you list and to require confirmation for every file-modifying step.Like a lobster shell, security has layers — review code before you run it.
latestvk9720j19740jpyf67750xf0t65839p9f
License
MIT-0
Free to use, modify, and redistribute. No attribution required.