Skill Hub:Openclaw 技能的安全发现与管理
作者:互联网
2026-03-25
AI教程
什么是 Skill Hub?
Skill Hub 是扩展 AI 智能体能力的首要门户。它作为本地环境与庞大 Openclaw 技能生态系统之间的桥梁,提供了一个统一的界面来搜索数千个精选工具。通过与 ClawHub 注册表和 GitHub 目录集成,它确保开发人员能够为其智能体工作流获取最新的扩展。
除了简单的发现功能,Skill Hub 还优先考虑生态系统的安全性。它对恶意模式、代码级漏洞和复杂的提示词注入进行深度扫描。这确保了您添加到智能体中的每一个 Openclaw 技能都是安全、可靠的,并符合技术最佳实践,为自动化工作流提供值得信赖的基础。
下载入口:https://github.com/openclaw/skills/tree/main/skills/phenixstar/skill-hub
安装与下载
1. ClawHub CLI
从源直接安装技能的最快方式。
npx clawhub@latest install skill-hub
2. 手动安装
将技能文件夹复制到以下位置之一
全局模式~/.openclaw/skills/
工作区
/skills/ 优先级:工作区 > 本地 > 内置
3. 提示词安装
将此提示词复制到 OpenClaw 即可自动安装。
请帮我使用 Clawhub 安装 skill-hub。如果尚未安装 Clawhub,请先安装(npm i -g clawhub)。
Skill Hub 应用场景
- 当用户要求特定功能或工具集成时,寻找新的能力。
- 审计当前已安装 Openclaw 技能的安全性,以检测潜在的提示词注入风险。
- 使用命令行直接从 ClawHub 注册表安装新工具。
- 通过与最新的 Openclaw 技能仓库同步,监控生态系统的增长。
- 枢纽查询 ClawHub 注册表和 awesome-openclaw-skills 目录,根据关键词或类别查找匹配项。
- 它根据精选状态、成熟度和之前的审查结果等因素计算信誉评分(0-100)。
- 用户可以触发安全扫描,分析技能逻辑是否存在危险操作,如 Shell 注入或环境收割。
- 验证通过后,使用 clawhub CLI 工具将技能安装到本地环境中。
- 状态仪表板跟踪已安装 Openclaw 技能相对于总可用目录的覆盖范围。
Skill Hub 配置指南
要开始管理您的 Openclaw 技能,请确保您的本地环境中具有必要的脚本和依赖项。
# 搜索可用技能
python3 scripts/skill-hub-search.py --query "spreadsheet"
# 从注册表安装特定技能
npx clawhub@latest install
# 将本地目录与最新更新同步
python3 scripts/skill-hub-sync.py
Skill Hub 数据架构与分类体系
Skill Hub 根据细粒度的信誉系统和技术元数据对 Openclaw 技能进行分类。
| 等级 | 分数范围 | 定义 |
|---|---|---|
| 信任 | 85-100 | 经过完全精选、审查且成熟的工具。 |
| 良好 | 60-84 | 经过精选或审查,具有积极的社区信号。 |
| 未审查 | 30-59 | 在注册表中可用,但尚未进行安全扫描。 |
| 警告 | 0-29 | 缺失元数据或被标记安全警告。 |
安全扫描同时检查代码级风险(eval/exec)和 NLP 级风险(角色劫持、外泄提示词)。
name: skill-hub
description: "OpenClaw skill discovery, security vetting & install. Searches 3000+ curated skills from ClawHub registry and awesome-openclaw-skills catalog. Scores credibility, detects prompt injection & malicious patterns, manages installations. Quick-checks GitHub for new skills."
license: MIT
version: 1.0.0
homepage: https://github.com/PhenixStar/openclaw-skills-collection
user-invocable: true
disable-model-invocation: false
auto_activate:
- "find skill"
- "install skill"
- "search skills"
- "what skills exist"
- "skill for"
- "discover skill"
- "vet skill"
- "scan skill"
- "skill security"
- "new skills"
- "skill updates"
- "browse skills"
allowed-tools:
- Bash
- Read
- Write
Skill Hub
Unified skill discovery, security vetting, and installation for OpenClaw.
Commands
Search Skills
Find skills by keyword, category, or credibility score.
python3 scripts/skill-hub-search.py --query "spreadsheet"
python3 scripts/skill-hub-search.py --category "DevOps" --min-score 60
python3 scripts/skill-hub-search.py --query "auth" --live # include live ClawHub results
python3 scripts/skill-hub-search.py --installed # show only installed
python3 scripts/skill-hub-search.py --not-installed --limit 20 # discovery mode
Install Skills
After finding a skill, install via ClawHub:
npx clawhub@latest install
Vet Skills (Security Scan)
Scan a skill for malicious patterns, prompt injection, and logic weaknesses.
python3 scripts/skill-hub-vet.py --slug google-sheets # vet single skill
python3 scripts/skill-hub-vet.py --all-installed # vet all installed
python3 scripts/skill-hub-vet.py --category "DevOps" # vet category
python3 scripts/skill-hub-vet.py --top 10 # vet top N unvetted
Status Dashboard
See installed vs catalog coverage, unvetted warnings, recommendations.
python3 scripts/skill-hub-status.py
Quick Check (GitHub API)
Fast check if new skills were added since last sync. Uses gh CLI — no full download needed.
python3 scripts/skill-hub-quick-check.py # check for updates
python3 scripts/skill-hub-quick-check.py --sync # auto-sync if updates found
python3 scripts/skill-hub-quick-check.py --query "ai" # check + search new skills
Browse Full Catalog
Export catalog as formatted table (terminal or markdown), grouped by category.
python3 scripts/skill-hub-table-export.py # terminal table
python3 scripts/skill-hub-table-export.py --format markdown # markdown table
python3 scripts/skill-hub-table-export.py --category "AI" # filter category
Sync Catalog
Full re-fetch from GitHub awesome-list. Computes credibility, preserves vet results, shows diff.
python3 scripts/skill-hub-sync.py
Credibility Scores (0-100)
| Tier | Score | Meaning |
|---|---|---|
| Trusted | 85-100 | Curated + vetted + mature |
| Good | 60-84 | Curated or vetted, some signals |
| Unvetted | 30-59 | Exists in registry, not scanned |
| Caution | 0-29 | Missing signals or security warnings |
Security Checks
Code-level: eval/exec, shell injection, obfuscation, network access, env harvesting, destructive ops.
NLP/Prompt-level: hidden instructions, role hijacking, invisible unicode, exfiltration prompts, authority escalation, social engineering.
When to Use
- User asks "find a skill for X" or "is there a skill that can..."
- User wants to extend capabilities with new tools
- User wants to check if installed skills are safe
- Before installing unknown skills from registry
相关推荐
专题
+ 收藏
+ 收藏
+ 收藏
+ 收藏
+ 收藏
最新数据
相关文章
信号管道:自动化营销情报工具 - Openclaw Skills
技能收益追踪器:监控 Openclaw 技能并实现变现
AI 合规准备就绪度:评估与治理工具 - Openclaw Skills
FOSMVVM ServerRequest 测试生成器:自动化 API 测试 - Openclaw Skills
酒店搜索器:AI 赋能的住宿与位置情报 - Openclaw Skills
Dub 链接 API:程序化链接管理 - Openclaw Skills
IntercomSwap:P2P BTC 与 USDT 跨链兑换 - Openclaw Skills
spotplay:macOS 原生 Spotify 播放控制 - Openclaw Skills
DeepSeek OCR:AI驱动的图像文本识别 - Openclaw Skills
Web Navigator:自动化网页研究与浏览 - Openclaw Skills
AI精选
