skill-advisor
Evaluate OpenClaw skills before installation. Use when user wants to check a skill's safety, dependencies, popularity, or get an installation recommendation. Generates a pre-install assessment report with security status, metrics, and usage guidance.
安装 / 下载方式
TotalClaw CLI推荐
totalclaw install github:LeoYeAI~openclaw-master-skills~skill-advisorcURL直接下载,无需登录
curl -fsSL https://skills.taituai.com/api/skills/github%3ALeoYeAI~openclaw-master-skills~skill-advisor/file -o skill-advisor.md# Skill Advisor
Pre-install assessment tool for OpenClaw skills. Generate comprehensive evaluation reports to help users decide whether to install a skill.
## Features
- 🔒 **Security Status**: Check ClawHub official scan results
- 📊 **Popularity Metrics**: Downloads, stars, install count
- 🔄 **Maintenance Status**: Last update time, activity level
- 📦 **Dependency Analysis**: Required tools, libraries, complexity
- 💰 **API Cost Assessment**: Free/paid API requirements
- 🎯 **Installation Recommendation**: Clear go/no-go guidance
## Trigger Conditions
- "Check this skill before installing" / "安装前检查这个skill"
- "Is {skill-name} safe?" / "{skill-name}安全吗"
- "Evaluate skill {skill-name}" / "评估skill {skill-name}"
- "What does {skill-name} need?" / "{skill-name}需要什么依赖"
- "Should I install {skill-name}?" / "要不要安装{skill-name}"
- "skill-advisor {skill-name}"
- "帮我看看这个skill怎么样"
---
## Language Support
This skill supports multiple languages. Output language automatically matches the user's conversation language with OpenClaw.
**Supported Languages:**
- 中文 (Chinese)
- English
**Detection:**
- If user writes in Chinese → Output Chinese report
- If user writes in English → Output English report
- Default: Match the user's input language
---
## Step 1: Get Skill Information
When user provides a skill name, fetch its metadata:
```bash
SKILL_NAME="user-provided-skill-name"
# Get skill metadata from ClawHub
echo "📡 Fetching skill information..."
clawhub inspect "$SKILL_NAME" 2>/dev/null
# Alternative: Use ClawHub API directly
curl -s "https://clawhub.ai/api/v1/skills/$SKILL_NAME" | python3 -m json.tool 2>/dev/null
```
---
## Step 2: Fetch SKILL.md Content
Get the actual SKILL.md to analyze dependencies and functionality:
```bash
# Fetch SKILL.md content
SKILL_CONTENT=$(curl -s "https://clawhub.ai/api/v1/skills/$SKILL_NAME" | python3 -c "
import sys, json
try:
data = json.load(sys.stdin)
if 'skill' in data and 'content' in data['skill']:
print(data['skill']['content'])
elif 'content' in data:
print(data['content'])
else:
print('CONTENT_NOT_FOUND')
except:
print('PARSE_ERROR')
" 2>/dev/null)
echo "$SKILL_CONTENT"
```
---
## Step 3: Analyze and Generate Report
Parse the skill data and generate the assessment report in the user's language:
```bash
python3 << 'PYEOF'
import json
import re
import sys
from datetime import datetime
# Detect user language from input (passed as argument)
USER_LANG = "en" # Default to English, will be overridden by agent
# Simulated skill data (replace with actual API response)
skill_data = {
"name": "SKILL_NAME_PLACEHOLDER",
"description": "DESCRIPTION_PLACEHOLDER",
"version": "1.0.0",
"owner": "AUTHOR_PLACEHOLDER",
"created_at": "2026-01-01T00:00:00Z",
"updated_at": "2026-03-20T00:00:00Z",
"downloads": 0,
"stars": 0,
"license": "MIT-0",
"security_status": "unknown"
}
skill_content = """
SKILL_MD_CONTENT_PLACEHOLDER
"""
# Labels for different languages
LABELS = {
"zh": {
"conclusion_header": "🎯 结论",
"recommend_install": "✅ 推荐安装",
"caution_install": "⚠️ 可以安装,请注意事项",
"not_recommend": "❌ 不建议安装",
"score": "综合评分",
"security_pass": "通过",
"security_review": "需审查",
"deps_light": "轻量",
"deps_heavy": "较重",
"report_title": "📋 Skill 评估报告",
"metrics": "综合指标",
"official_security": "🔒 官方安全",
"benign": "✅ Benign(ClawHub扫描通过)",
"suspicious": "⚠️ Suspicious(需要审查)",
"security_unknown": "❓ 未知(未扫描)",
"popularity": "📈 流行度",
"downloads": "downloads",
"stars": "stars",
"maintenance": "🔄 维护状态",
"active_maintain": "天前更新(活跃维护)",
"normal_maintain": "天前更新(正常维护)",
"less_maintain": "天前更新(维护较少)",
"stop_maintain": "天前更新(可能停止维护)",
"maintenance_unknown": "❓ 未知",
"dep_burden": "📦 依赖负担",
"no_dep": "无需额外依赖",
"light_dep": "轻量",
"heavy_dep": "较重",
"deps_count": "个依赖",
"api_cost": "💰 API成本",
"no_api": "无需外部API",
"api_required": "需要",
"description": "📝 功能说明",
"env_req": "⚙️ 环境要求",
"cli_tools": "命令行工具",
"python_pkg": "Python包",
"node_pkg": "Node包",
"api_key": "API密钥",
"no_special_req": "无特殊要求",
"usage_note": "⚠️ 使用注意",
"data_upload": "📤 文档/数据会上传到",
"external_service": "📤 会访问外部服务",
"sensitive_data": "🔐 敏感数据请谨慎处理",
"install_advice": "💡 安装建议",
"safe_install": "可安全安装。",
"caution_install_text": "可以安装,但请注意上述事项。",
"not_install_text": "不建议安装,请寻找替代方案。",
"need_config": "需要配置API Key",
"meta_info": "ℹ️ 元信息",
"author": "作者",
"version": "版本",
"license": "许可证",
"score_time": "评分时间",
},
"en": {
"conclusion_header": "🎯 Conclusion",
"recommend_install": "✅ Recommended",
"caution_install": "⚠️ Install with Caution",
"not_recommend": "❌ Not Recommended",
"score": "Overall Score",
"security_pass": "Passed",
"security_review": "Review Needed",
"deps_light": "Light",
"deps_heavy": "Heavy",
"report_title": "📋 Skill Assessment Report",
"metrics": "Metrics",
"official_security": "🔒 Official Security",
"benign": "✅ Benign (ClawHub scan passed)",
"suspicious": "⚠️ Suspicious (needs review)",
"security_unknown": "❓ Unknown (not scanned)",
"popularity": "📈 Popularity",
"downloads": "downloads",
"stars": "stars",
"maintenance": "🔄 Maintenance",
"active_maintain": "days ago (actively maintained)",
"normal_maintain": "days ago (normal maintenance)",
"less_maintain": "days ago (less maintained)",
"stop_maintain": "days ago (possibly abandoned)",
"maintenance_unknown": "❓ Unknown",
"dep_burden": "📦 Dependencies",
"no_dep": "No dependencies required",
"light_dep": "Light",
"heavy_dep": "Heavy",
"deps_count": "dependencies",
"api_cost": "💰 API Cost",
"no_api": "No external API required",
"api_required": "Requires",
"description": "📝 Description",
"env_req": "⚙️ Requirements",
"cli_tools": "CLI Tools",
"python_pkg": "Python Packages",
"node_pkg": "Node Packages",
"api_key": "API Keys",
"no_special_req": "No special requirements",
"usage_note": "⚠️ Usage Notes",
"data_upload": "📤 Data uploads to",
"external_service": "📤 Accesses external services",
"sensitive_data": "🔐 Handle sensitive data with care",
"install_advice": "💡 Installation Advice",
"safe_install": "Safe to install.",
"caution_install_text": "Can be installed, but please note the above.",
"not_install_text": "Not recommended. Consider alternatives.",
"need_config": "API Key configuration required",
"meta_info": "ℹ️ Metadata",
"author": "Author",
"version": "Version",
"license": "License",
"score_time": "Scored at",
}
}
def get_label(key, lang="en"):
"""Get localized label"""
return LABELS.get(lang, LABELS["en"]).get(key, key)
def calculate_security_score(content, security_status):
score = 100
if security_status == "benign":
return 100
elif security_status == "suspicious":
return 50
dangerous_patterns = [
(r'curl\s+-fsSL.*\|.*bash', 30),
(r'sudo\s+(apt|yum|dnf)\s+install', 15),
(r'eval\s*\(', 20),
(r'exec\s*\(', 15),
]
for pattern, penalty in dangerous_patterns:
if re.search(pattern, content, re.IGNORECASE):
score -= penalty
return max(0, score)
def calculate_popularity_score(downloads, stars):
score = 0
if downloads >= 10000: score += 60
elif