Advanced skill creation and management tool with automated version control, intelligent diff, risk assessment, rollback, semantic versioning, and test automa...
Security Analysis
high confidenceThe skill's code and runtime instructions are consistent with its stated purpose (skill creation, packaging, versioning, rollback) and do not request unrelated credentials or external network access, though it performs potentially destructive local file operations (backups, restores, deletions) which are expected for this functionality.
The name/description match the included scripts (init_skill.py, package_skill.py, backup.py, diff.py, rollback.py, proposal.py, validate-modify.py, mark-stable.py, etc.). No unrelated environment variables, binaries, or external services are requested. The feature set is proportional to the files provided.
SKILL.md and the scripts keep scope to skill creation/management. However, the runtime instructions and scripts perform local filesystem operations (copying skill directories to ~/.openclaw/skill-backups, removing/overwriting target directories during rollback, writing proposal metadata) and will prompt for confirmation in some flows. These filesystem changes are coherent with purpose but are potentially destructive if used accidentally.
No install spec is provided (instruction-only skill) and all support code is bundled with the skill. There are no downloads from remote URLs or package manager installs that would increase risk.
No credentials or environment variables are required. Scripts use user-local paths under the home directory (~/.openclaw/...) to store backups and proposals which is consistent with a versioning tool and does not request unrelated secrets.
The skill does not require always:true and does not request extra privileges, but it writes and deletes files in the user's filesystem (backups and rollbacks). This is expected for its purpose but is an important operational privilege—rollback will remove the current target directory and replace it with backed-up content.
Guidance
This package appears to do what it says: create, package, back up, compare, and roll back skills using local files under ~/.openclaw. Before installing or running: (1) Review the bundled scripts yourself—rollback.py and backup.py will remove and overwrite directories and write to ~/.openclaw; ensure you point them at test copies or confirm paths. (2) Be aware rollback uses shutil.rmtree on the target path (destructive) and runs backup via subprocess; keep important data backed up elsewhere. (3) There is no network/exfiltration code found in the provided files, but always inspect any install.py/migrate.py referenced by SKILL.md—SKILL.md mentions migrate.py though that file was not present in the manifest (minor inconsistency to check). (4) Consider running first in a sandbox or VM and ensure you have filesystem backups for any real skill directories you care about.
Latest Release
v1.0.0
- Initial release of better-skill-creator: an enhanced tool for skill creation, editing, and version management. - Adds built-in end-to-end version control with automatic backups, intelligent diff comparison, risk assessment, and semantic versioning. - Supports interactive rollback to previous versions with difference previews. - Automates requirement plan confirmation, change reporting, and includes built-in test verification. - Fully compatible with native skill-creator, retaining all original functions and usage. - Provides migration support for existing installations and historical data.
More by @zzzanezhou0829
Published by @zzzanezhou0829 on ClawHub
