🔷 Skill Trigger V2 🔷

Security scanner for OpenClaw skills. Detects malicious code, obfuscated payloads, prompt injection, social engineering, typosquatting, and data exfiltration before installation. Features 0-100 numeric risk scoring, MITRE ATT&CK mappings, base64/hex deobfuscation, IoC database, whitelist system, and SHA256 file inventory. Use before installing any third-party skill. Triggers: audit skill, check security, scan skill, is this skill safe, security review, quarantine.

Skill Cortex is the system's capability cortex. When lacking ability, it autonomously acquires Skills from ClawHub or GitHub, then releases them after use. Every invocation is learned and reinforced by the cortex — future identical tasks fire as reflexes, bypassing search. Manages only short-term capability memory; never interferes with long-term Skills. Continuously restructures its own capability architecture through reinforcement and decay, achieving ongoing evolution.

Skill Cortex is the system's capability cortex. When lacking ability, it autonomously acquires Skills from ClawHub or GitHub, then releases them after use. Every invocation is learned and reinforced by the cortex — future identical tasks fire as reflexes, bypassing search. Manages only short-term capability memory; never interferes with long-term Skills. Continuously restructures its own capability architecture through reinforcement and decay, achieving ongoing evolution.

Skill Cortex is the system's capability cortex. When lacking ability, it autonomously acquires Skills from ClawHub or GitHub, then releases them after use. Every invocation is learned and reinforced by the cortex — future identical tasks fire as reflexes, bypassing search. Manages only short-term capability memory; never interferes with long-term Skills. Continuously restructures its own capability architecture through reinforcement and decay, achieving ongoing evolution.

Skill Cortex is the system's capability cortex. When lacking ability, it autonomously acquires Skills from ClawHub or GitHub, then releases them after use. Every invocation is learned and reinforced by the cortex — future identical tasks fire as reflexes, bypassing search. Manages only short-term capability memory; never interferes with long-term Skills. Continuously restructures its own capability architecture through reinforcement and decay, achieving ongoing evolution.

Track per-skill token usage and costs from OpenClaw session logs. Use when user asks about skill-level spending, which skill costs the most, or wants a per-skill cost breakdown. IMPORTANT: This is a bash-tool skill. You MUST use the bash/shell tool to execute commands.

Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations.

Design, test, review, and maintain agent skills for OpenClaw systems using multi-agent iterative refinement. Orchestrates Designer, Reviewer, and Tester subagents for quality-gated skill development. Use when user asks to "design skill", "review skill", "test skill", "audit skills", "refactor skill", or mentions "agent kit quality".

自动分析和优化 Agent Skill 的工具 - 监控使用情况、评估健康度、生成改进建议

Scan ClawHub skills for security vulnerabilities BEFORE installing. Use when installing new skills from ClawHub to detect prompt injections, malware payloads, hardcoded secrets, and other threats. Wraps clawhub install with Snyk Agent Scan pre-flight checks.

Security scanner that audits OpenClaw skills for malicious code, prompt injection, supply chain attacks, data exfiltration, and more

安全拦截型技能，确保安装任何技能前都经过 skill-vetter 的安全审查，输出审查报告并要求用户明确确认，禁止私自安装。

列出 OpenClaw Skills：以表格形式展示所有 skills、显示功能介绍、找出功能重复的 skills。Use when: 用户想知道安装了哪些 skills、某个 skill 是做什么的、或者想找出重复功能的 skills。

管理 OpenClaw Skills：以表格形式列出所有 skills、显示功能介绍、找出功能重复的 skills。Use when: 用户想知道安装了哪些 skills、某个 skill 是做什么的、或者想找出重复功能的 skills。

One-command publish a Claude Code skill to ALL major marketplaces: GitHub (npx skills), ClawHub, and community marketplaces (composiohq/awesome-claude-skills, anthropics/skills, daymade/claude-code-skills, obra/superpowers-marketplace). Validates SKILL.md, auto-generates missing files, creates repos, publishes, and submits PRs to community directories.

Scans installed skills, suggests L0-L3 priority tiers, and auto-configures skill injection policy. Use when: setting up skill priorities, optimizing token budget, or migrating to tiered skill architecture.

End-to-end workflow for publishing agent skills to GitHub, ClawdHub, and skills.sh. Handles repo creation, topic tagging, ClawdHub publish, skills.sh index request, and installation verification. Use when: "publish skill", "上架 skill", "发布技能", "submit to skills.sh", "submit to clawhub", "skill 上架流程".

Audit and fix all skills in the workspace for compliance with skill-creator requirements. Use when asked to "refine skills", "audit skills", "check skill quality", or "fix non-compliant skills". Exhaustively searches the entire workspace (not just skills/) to find every SKILL.md, then audits and repairs each one.

Release skills to ClawhHub through the full publication pipeline — auto-scaffolding, OPSEC scan, dual review (agent + user), force-push release, security scan verification. Use when releasing a skill, preparing a skill for release, reviewing a skill for publication, or checking release readiness.

Skills 安全安装工具 - 整合 Vetter 代码审查 + ClawHub 评分 + ThreatBook 沙箱扫描三层验证

Security scanner for OpenClaw skill packages. Scans skills for malicious code, evasion techniques, prompt injection, and misaligned behavior BEFORE installation. Use to audit any skill from ClawHub or local directories.

Scan OpenBot/Clawdbot skills for security vulnerabilities, malicious code, and suspicious patterns before installing them. Use when a user wants to audit a skill, check if a ClawHub skill is safe, scan for credential exfiltration, detect prompt injection, or review skill security. Triggers on security audit, skill safety check, malware scan, or trust verification.

Scan Clawdbot and MCP skills for malware, spyware, crypto-miners, and malicious code patterns before you install them. Security audit tool that detects data exfiltration, system modification attempts, backdoors, and obfuscation techniques.