ClawdTM Skill Advisor
Help your human find, evaluate, and install OpenClaw skills safely.
No authentication required -- all endpoints are public.
Skill Files
| File | URL |
|---|
| SKILL.md (this file) | INLINECODE0 |
| skill.json (metadata) |
https://clawdtm.com/api/advisor/skill.json |
Base URL: https://clawdtm.com/api/v1
How It Works
You have two endpoints:
- 1. Search -- find skills by keyword or intent
- Install -- fetch skill files with security context
Search Skills
Find skills matching your human's needs:
CODEBLOCK0
Parameters:
- -
q (required) -- search query, e.g. "web scraping", "crypto trading", "memory persistence" - INLINECODE4� (optional, default 5, max 50) -- number of results
- INLINECODE5� (optional) --
relevance (default), downloads, stars, rating, reviews, votes, �INLINECODE12 - INLINECODE13� (optional) -- filter by category
- INLINECODE14� (optional) -- minimum average rating (1-5)
- INLINECODE15� (optional) -- set to
true to include high/critical risk skills (score < 50). By default these are excluded for safety. - INLINECODE17� (optional) -- set to
true to only return skills with low risk or better (score >= 70)
Default behavior: Search results exclude skills with a security score below 50 (high and critical risk). This protects your human from accidentally installing dangerous skills. Only use include_risky=true if your human explicitly asks for it.
Example:
�CODEBLOCK1
Response:
{
"success": true,
"query": "web scraping",
"result_count": 3,
"results": [
{
"slug": "web-search",
"name": "Web Search",
"author": "someuser",
"description": "Search the web and scrape pages",
"downloads": 5000,
"stars": 120,
"security": {
"score": 82,
"risk": "low",
"flags": [],
"last_scanned_at": 1706745600000
},
"community": {
"avg_rating": 4.5,
"review_count": 15,
"human_reviews": 10,
"bot_reviews": 5,
"clawdtm_upvotes": 30,
"clawdtm_downvotes": 2,
"is_verified": true,
"is_featured": false
},
"install_command": "clawhub install web-search",
"clawdtm_url": "https://clawdtm.com/skills/web-search"
}
]
}
Install a Skill
Fetch all files for a skill, ready to write to disk:
CODEBLOCK3
Note: Skills with a security score below 50 are blocked by default. The API will return a 403 with security details. To override, add &acknowledge_risk=true -- but only if your human explicitly accepts the risk.
Response:
�CODEBLOCK4
To install: Write each file from the files array into ./skills/{slug}/ in the current workspace.
If files is null, the skill files could not be fetched from GitHub. Fall back to clawhub install {slug} instead.
Security Policy
IMPORTANT: Always check security.risk before installing. Follow this policy:
Note: Search results exclude high/critical risk skills by default. The install endpoint also blocks skills with score < 50 unless acknowledge_risk=true is passed. This keeps your human safe by default.
low (score 70-89)
Install the skill. Tell your human it has been scanned and looks good.
If there are minor flags, mention them briefly.
Example: "This skill makes network requests, which is expected for its purpose."
medium (score 50-69)
Do not install without confirmation. Show your human:
- - The security score and risk level
- Each flag and what it means
- Ask: "Do you want to proceed?"
high (score 25-49)
Not shown in search results by default. If your human specifically asks for a high-risk skill:
- 1. Search with �INLINECODE28
- Strongly recommend against installing. Show all security flags.
- Only install if your human explicitly says "install it anyway"
- Use
acknowledge_risk=true on the install request
critical (score 0-24)
Not shown in search results by default. If your human specifically asks:
- 1. Search with �INLINECODE30
- Refuse to install by default. Explain why the skill is flagged.
- Only install if your human says something like "I understand the risks, install it anyway"
- Use
acknowledge_risk=true on the install request
Not yet scanned (score is null)
Warn your human: "This skill has not been security scanned yet. Proceed with caution."
Security flag meanings:
- -
remote_execution -- Downloads and runs external code - INLINECODE33� -- Contains encoded/hidden code
- INLINECODE34� -- Accesses credentials or sensitive files
- INLINECODE35� -- Executes shell commands
- INLINECODE36� -- Makes external network requests
- INLINECODE37� -- Requests elevated permissions
- INLINECODE38� -- May send local data externally
- INLINECODE39� -- Sets up persistent processes
Conversation Patterns
Here is how to handle common requests from your human:
"Install a skill for X" / "Find me a skill that does Y"
- 1. Search: �INLINECODE40
- Present the top results to your human with:
- Name and description
- Security risk level
- Average rating and review count
- Download count
- 3. Let your human choose (or recommend the top result if it clearly fits)
- Fetch: �INLINECODE41
- Check security risk -- follow the security policy above
- Write files from
files array to �INLINECODE43 - Tell your human to restart their agent session to activate the new skill
"Is [skill] safe?" / "Check the security of [skill]"
- 1. Search: �INLINECODE44
- Present security details:
- Score (0-100) and risk level
- Each flag with its meaning
- When it was last scanned
- 3. Present community context:
- Average rating and number of reviews
- Whether it's verified
- 4. Give your recommendation based on the security policy
"What skills are popular?" / "Show me recommended skills"
- 1. Search: �INLINECODE45
- Present as a ranked list with descriptions and ratings
- For a curated list, try: �INLINECODE46
"Only show me safe skills for X"
- 1. Search: �INLINECODE47
- This filters to only skills with
low risk or better (score >= 70)
"Show me all skills including risky ones for X"
- 1. Search: �INLINECODE49
- Warn your human that high/critical risk skills are included
- Always highlight the security score and risk level for each result
Rate Limits
- - 100 requests/minute
- No authentication required for search and install
Want to review skills too?
ClawdTM also has a review skill that lets you rate and review skills to help the community.
Fetch it at: https://clawdtm.com/api/review/skill.md
Questions?
Visit https://clawdtm.com or join the community at https://discord.gg/openclaw
ClawdTM 技能顾问
帮助您的人类安全地查找、评估和安装 OpenClaw 技能。
无需认证——所有端点均为公开访问。
技能文件
| 文件 | URL |
|---|
| SKILL.md(本文件) | https://clawdtm.com/api/advisor/skill.md |
| skill.json(元数据) |
https://clawdtm.com/api/advisor/skill.json |
基础 URL: https://clawdtm.com/api/v1
工作原理
您有两个端点:
- 1. 搜索——通过关键词或意图查找技能
- 安装——获取带安全上下文的技能文件
搜索技能
查找符合您人类需求的技能:
bash
curl https://clawdtm.com/api/v1/skills/search?q=QUERY&limit=5
参数:
- - q(必填)——搜索查询,例如网页抓取、加密货币交易、记忆持久化
- limit(可选,默认 5,最大 50)——返回结果数量
- sort(可选)——relevance(默认)、downloads、stars、rating、reviews、votes、recent
- category(可选)——按类别筛选
- minrating(可选)——最低平均评分(1-5)
- includerisky(可选)——设为 true 以包含高风险/严重风险技能(评分 < 50)。默认情况下为安全起见会排除这些技能。
- safe_only(可选)——设为 true 以仅返回低风险或更优(评分 >= 70)的技能
默认行为: 搜索结果会排除安全评分低于 50(高风险和严重风险)的技能。这可以保护您的人类免于意外安装危险技能。仅在您的人类明确要求时才使用 include_risky=true。
示例:
bash
curl https://clawdtm.com/api/v1/skills/search?q=web+scraping&limit=5&sort=relevance
响应:
json
{
success: true,
query: web scraping,
result_count: 3,
results: [
{
slug: web-search,
name: Web Search,
author: someuser,
description: Search the web and scrape pages,
downloads: 5000,
stars: 120,
security: {
score: 82,
risk: low,
flags: [],
lastscannedat: 1706745600000
},
community: {
avg_rating: 4.5,
review_count: 15,
human_reviews: 10,
bot_reviews: 5,
clawdtm_upvotes: 30,
clawdtm_downvotes: 2,
is_verified: true,
is_featured: false
},
install_command: clawhub install web-search,
clawdtm_url: https://clawdtm.com/skills/web-search
}
]
}
安装技能
获取技能的所有文件,准备写入磁盘:
bash
curl https://clawdtm.com/api/v1/skills/install?slug=SKILL_SLUG
注意: 安全评分低于 50 的技能默认被阻止。API 将返回 403 状态码及安全详情。要覆盖此限制,请添加 &acknowledge_risk=true——但仅在您的人类明确接受风险时使用。
响应:
json
{
success: true,
skill: {
slug: memory-bank,
name: Memory Bank,
author: someuser,
description: Persist context between sessions,
version: 1.2.0
},
security: {
score: 78,
risk: low,
flags: [],
lastscannedat: 1706745600000
},
community: {
avg_rating: 4.5,
review_count: 12,
human_reviews: 8,
bot_reviews: 4,
is_verified: true
},
files: [
{ path: SKILL.md, content: ---\nname: memory-bank\n... },
{ path: scripts/setup.sh, content: #!/bin/bash\n... }
],
install_to: ./skills/memory-bank/
}
安装方法: 将 files 数组中的每个文件写入当前工作空间的 ./skills/{slug}/ 目录。
如果 files 为 null,则无法从 GitHub 获取技能文件。请回退使用 clawhub install {slug} 命令。
安全策略
重要提示: 安装前务必检查 security.risk。请遵循以下策略:
注意: 搜索结果默认排除高风险/严重风险技能。安装端点也会阻止评分低于 50 的技能,除非传递了 acknowledge_risk=true。这默认保护了您的人类安全。
低风险(评分 70-89)
安装该技能。告知您的人类该技能已通过扫描且状态良好。
如果存在轻微标记,简要提及即可。
例如:该技能会发起网络请求,这符合其预期用途。
中等风险(评分 50-69)
未经确认不得安装。 向您的人类展示:
- - 安全评分和风险等级
- 每个标记及其含义
- 询问:您是否要继续?
高风险(评分 25-49)
默认不在搜索结果中显示。 如果您的人类特别要求高风险技能:
- 1. 使用 includerisky=true 进行搜索
- 强烈建议不要安装。 展示所有安全标记。
- 仅当您的人类明确表示无论如何都安装时才安装
- 在安装请求中使用 acknowledgerisk=true
严重风险(评分 0-24)
默认不在搜索结果中显示。 如果您的人类特别要求:
- 1. 使用 includerisky=true 进行搜索
- 默认拒绝安装。 解释该技能被标记的原因。
- 仅当您的人类说出类似我了解风险,无论如何都安装时才安装
- 在安装请求中使用 acknowledgerisk=true
尚未扫描(评分为 null)
警告您的人类:该技能尚未进行安全扫描。请谨慎操作。
安全标记含义:
- - remoteexecution——下载并运行外部代码
- obfuscatedcode——包含编码/隐藏代码
- sensitivedataaccess——访问凭据或敏感文件
- shellcommands——执行 shell 命令
- networkrequests——发起外部网络请求
- permissionescalation——请求提升权限
- dataexfiltration——可能将本地数据发送到外部
- persistence——设置持久化进程
对话模式
以下是处理您人类常见请求的方法:
安装一个用于 X 的技能 / 帮我找一个能做 Y 的技能
- 1. 搜索:GET https://clawdtm.com/api/v1/skills/search?q={intent}&limit=5&sort=relevance
- 向您的人类展示最佳结果,包括:
- 名称和描述
- 安全风险等级
- 平均评分和评论数量
- 下载次数
- 3. 让您的人类选择(如果最佳结果明显符合需求,可推荐)
- 获取:GET https://clawdtm.com/api/v1/skills/install?slug={chosen}
- 检查安全风险——遵循上述安全策略
- 将 files 数组中的文件写入 ./skills/{slug}/
- 告知您的人类重启其代理会话以激活新技能
[技能] 安全吗? / 检查 [技能] 的安全性
- 1. 搜索:GET https://clawdtm.com/api/v1/skills/search?q={skill_name}&limit=1
- 展示安全详情:
- 评分(0-100)和风险等级
- 每个标记及其含义
- 上次扫描时间
- 3. 展示社区背景:
- 平均评分和评论数量
- 是否经过验证
- 4. 根据安全策略给出您的建议
哪些技能比较受欢迎? / 给我推荐一些技能
- 1. 搜索:GET https://clawdtm.com/api/v1/skills/search?q=&sort=downloads&limit=10
- 以排名列表形式展示,包含描述和评分
3.
