技能详情(站内镜像,无评论)
作者:Ank Wu @ankwu001
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v0.0.2
统计:⭐ 0 · 293 · 4 current installs · 4 all-time installs
⭐ 0
安装量(当前) 4
🛡 VirusTotal :良性 · OpenClaw :可疑
Package:ankwu001/skill-cortex-pub
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :可疑
OpenClaw 评估
The Skill's description (autonomously finding, installing, and running third‑party Skills) is plausible, but the instructions ask the agent to fetch, install, execute, and persist metadata about external code while declaring no required binaries/permissions — several gaps leave the true runtime footprint unclear and potentially risky.
目的
The Skill claims to search ClawHub/GitHub and install/run other Skills, but the package declares no required binaries, no network access, and no CLI (README mentions the 'clawhub' CLI). Installing or building Skills normally requires tools (clawhub, git, package managers) and network access; the lack of declared dependencies is a mismatch between stated purpose and declared requirements.
说明范围
SKILL.md instructs the agent to read/write a persistent cortex file (~/.openclaw/skill-cortex/cortex.json), search external hubs, present candidates, install selected Skills, generate execution plans, run them, and update learning memory. Although it requires explicit user approval for installs and claims write operations never enter reflex, the instructions still enable fetching and executing arbitrary third‑party code and persisting behavior…
安装机制
There is no install spec (instruction-only), which lowers immediate disk-write risk from the skill bundle itself—but the Skill's runtime behavior depends on installing external Skills from ClawHub/GitHub. The mechanism, hosts, and commands used to install those Skills are not specified; that omission means arbitrary remote archives or repos could be pulled and executed, which is high risk unless clearly constrained to vetted sources and explic…
证书
The skill declares no required environment variables or primary credential, yet its DESIGN.md and examples reference reading env names (e.g., TODOIST_API_KEY), running 'which <key>', network endpoints, and possibly invoking other Skills that will need credentials. It may therefore prompt for or consume unrelated credentials during candidate validation or Skill installation; the credential needs and handling are not declared or constrained.
持久
always:false (good) and installs require user confirmation per SKILL.md, but the Skill creates and maintains a persistent cortex.json under ~/.openclaw/skill-cortex which stores routing and usage data. That persistent store includes signal words and metadata; DESIGN.md claims entity filtering, but the agent will still persist behavioral metadata locally — consider this a privacy/attack surface risk if third‑party Skills can read or exfiltrate it.
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Skill Cortex Pub」。简介:Skill Cortex is the system's capability cortex. When lacking ability, it autono…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/ankwu001/skill-cortex-pub/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: skill-cortex
description: >
Skill Cortex is the system's capability cortex.
When lacking ability, it autonomously acquires Skills from ClawHub or GitHub, then releases them after use.
Every invocation is learned and reinforced by the cortex — future identical tasks fire as reflexes, bypassing search.
Manages only short-term capability memory; never interferes with long-term Skills.
Continuously restructures its own capability architecture through reinforcement and decay, achieving ongoing evolution.
---
# Skill Cortex
Triggers when installed Skills cannot complete the current task. If you can handle it yourself, just do it — do not trigger this flow.
Cortex data file: ~/.openclaw/skill-cortex/cortex.json (schema in DESIGN.md).
## Phase 1: Perception
1. Read cortex.json (if missing or corrupt, skip to step 3).
2. Semantically match the users task description against sensory.patterns signals.
3. On miss, search ClawHub.
## Phase 2: Validation
Present candidates to the user with safety info. Wait for explicit approval before installing.
## Phase 3: Execution
Install the Skill, generate an execution plan, execute the task. On failure, auto-recover or switch to next candidate.
## Phase 4: Learning
Update the cortex memory. Successful Skills gain weight; failed ones decay.
## Boundary Rules
1. Never interfere with long-term Skills.
2. Installation requires user confirmation.
3. System dependency installation requires separate confirmation.
4. Write operations never enter reflex.
5. Max 2 candidate switches.