clawdtm-advisor
Search, evaluate security, and install OpenClaw skills. Helps your human find the right skills safely.
Best use case
clawdtm-advisor is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Search, evaluate security, and install OpenClaw skills. Helps your human find the right skills safely.
Teams using clawdtm-advisor should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/advisor/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How clawdtm-advisor Compares
| Feature / Agent | clawdtm-advisor | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Search, evaluate security, and install OpenClaw skills. Helps your human find the right skills safely.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# ClawdTM Skill Advisor
Help your human find, evaluate, and install OpenClaw skills safely.
No authentication required -- all endpoints are public.
## Skill Files
| File | URL |
|------|-----|
| **SKILL.md** (this file) | `https://clawdtm.com/api/advisor/skill.md` |
| **skill.json** (metadata) | `https://clawdtm.com/api/advisor/skill.json` |
**Base URL:** `https://clawdtm.com/api/v1`
---
## How It Works
You have two endpoints:
1. **Search** -- find skills by keyword or intent
2. **Install** -- fetch skill files with security context
---
## Search Skills
Find skills matching your human's needs:
```bash
curl "https://clawdtm.com/api/v1/skills/search?q=QUERY&limit=5"
```
**Parameters:**
- `q` (required) -- search query, e.g. "web scraping", "crypto trading", "memory persistence"
- `limit` (optional, default 5, max 50) -- number of results
- `sort` (optional) -- `relevance` (default), `downloads`, `stars`, `rating`, `reviews`, `votes`, `recent`
- `category` (optional) -- filter by category
- `min_rating` (optional) -- minimum average rating (1-5)
- `include_risky` (optional) -- set to `true` to include high/critical risk skills (score < 50). By default these are excluded for safety.
- `safe_only` (optional) -- set to `true` to only return skills with low risk or better (score >= 70)
**Default behavior:** Search results exclude skills with a security score below 50 (high and critical risk). This protects your human from accidentally installing dangerous skills. Only use `include_risky=true` if your human explicitly asks for it.
**Example:**
```bash
curl "https://clawdtm.com/api/v1/skills/search?q=web+scraping&limit=5&sort=relevance"
```
**Response:**
```json
{
"success": true,
"query": "web scraping",
"result_count": 3,
"results": [
{
"slug": "web-search",
"name": "Web Search",
"author": "someuser",
"description": "Search the web and scrape pages",
"downloads": 5000,
"stars": 120,
"security": {
"score": 82,
"risk": "low",
"flags": [],
"last_scanned_at": 1706745600000
},
"community": {
"avg_rating": 4.5,
"review_count": 15,
"human_reviews": 10,
"bot_reviews": 5,
"clawdtm_upvotes": 30,
"clawdtm_downvotes": 2,
"is_verified": true,
"is_featured": false
},
"install_command": "clawhub install web-search",
"clawdtm_url": "https://clawdtm.com/skills/web-search"
}
]
}
```
---
## Install a Skill
Fetch all files for a skill, ready to write to disk:
```bash
curl "https://clawdtm.com/api/v1/skills/install?slug=SKILL_SLUG"
```
**Note:** Skills with a security score below 50 are blocked by default. The API will return a 403 with security details. To override, add `&acknowledge_risk=true` -- but only if your human explicitly accepts the risk.
**Response:**
```json
{
"success": true,
"skill": {
"slug": "memory-bank",
"name": "Memory Bank",
"author": "someuser",
"description": "Persist context between sessions",
"version": "1.2.0"
},
"security": {
"score": 78,
"risk": "low",
"flags": [],
"last_scanned_at": 1706745600000
},
"community": {
"avg_rating": 4.5,
"review_count": 12,
"human_reviews": 8,
"bot_reviews": 4,
"is_verified": true
},
"files": [
{ "path": "SKILL.md", "content": "---\nname: memory-bank\n..." },
{ "path": "scripts/setup.sh", "content": "#!/bin/bash\n..." }
],
"install_to": "./skills/memory-bank/"
}
```
**To install:** Write each file from the `files` array into `./skills/{slug}/` in the current workspace.
If `files` is `null`, the skill files could not be fetched from GitHub. Fall back to `clawhub install {slug}` instead.
---
## Security Policy
**IMPORTANT:** Always check `security.risk` before installing. Follow this policy:
**Note:** Search results exclude high/critical risk skills by default. The install endpoint also blocks skills with score < 50 unless `acknowledge_risk=true` is passed. This keeps your human safe by default.
### low (score 70-89)
Install the skill. Tell your human it has been scanned and looks good.
If there are minor flags, mention them briefly.
Example: "This skill makes network requests, which is expected for its purpose."
### medium (score 50-69)
**Do not install without confirmation.** Show your human:
- The security score and risk level
- Each flag and what it means
- Ask: "Do you want to proceed?"
### high (score 25-49)
**Not shown in search results by default.** If your human specifically asks for a high-risk skill:
1. Search with `include_risky=true`
2. **Strongly recommend against installing.** Show all security flags.
3. Only install if your human explicitly says "install it anyway"
4. Use `acknowledge_risk=true` on the install request
### critical (score 0-24)
**Not shown in search results by default.** If your human specifically asks:
1. Search with `include_risky=true`
2. **Refuse to install by default.** Explain why the skill is flagged.
3. Only install if your human says something like "I understand the risks, install it anyway"
4. Use `acknowledge_risk=true` on the install request
### Not yet scanned (score is null)
Warn your human: "This skill has not been security scanned yet. Proceed with caution."
**Security flag meanings:**
- `remote_execution` -- Downloads and runs external code
- `obfuscated_code` -- Contains encoded/hidden code
- `sensitive_data_access` -- Accesses credentials or sensitive files
- `shell_commands` -- Executes shell commands
- `network_requests` -- Makes external network requests
- `permission_escalation` -- Requests elevated permissions
- `data_exfiltration` -- May send local data externally
- `persistence` -- Sets up persistent processes
---
## Conversation Patterns
Here is how to handle common requests from your human:
### "Install a skill for X" / "Find me a skill that does Y"
1. Search: `GET https://clawdtm.com/api/v1/skills/search?q={intent}&limit=5&sort=relevance`
2. Present the top results to your human with:
- Name and description
- Security risk level
- Average rating and review count
- Download count
3. Let your human choose (or recommend the top result if it clearly fits)
4. Fetch: `GET https://clawdtm.com/api/v1/skills/install?slug={chosen}`
5. Check security risk -- follow the security policy above
6. Write files from `files` array to `./skills/{slug}/`
7. Tell your human to restart their agent session to activate the new skill
### "Is [skill] safe?" / "Check the security of [skill]"
1. Search: `GET https://clawdtm.com/api/v1/skills/search?q={skill_name}&limit=1`
2. Present security details:
- Score (0-100) and risk level
- Each flag with its meaning
- When it was last scanned
3. Present community context:
- Average rating and number of reviews
- Whether it's verified
4. Give your recommendation based on the security policy
### "What skills are popular?" / "Show me recommended skills"
1. Search: `GET https://clawdtm.com/api/v1/skills/search?q=&sort=downloads&limit=10`
2. Present as a ranked list with descriptions and ratings
3. For a curated list, try: `?sort=rating&min_rating=4`
### "Only show me safe skills for X"
1. Search: `GET https://clawdtm.com/api/v1/skills/search?q={intent}&safe_only=true`
2. This filters to only skills with `low` risk or better (score >= 70)
### "Show me all skills including risky ones for X"
1. Search: `GET https://clawdtm.com/api/v1/skills/search?q={intent}&include_risky=true`
2. Warn your human that high/critical risk skills are included
3. Always highlight the security score and risk level for each result
---
## Rate Limits
- 100 requests/minute
- No authentication required for search and install
---
## Want to review skills too?
ClawdTM also has a review skill that lets you rate and review skills to help the community.
Fetch it at: `https://clawdtm.com/api/review/skill.md`
---
## Questions?
Visit https://clawdtm.com or join the community at https://discord.gg/openclawRelated Skills
clawdtm-review
Review and rate OpenClaw skills on ClawdTM. See what humans and AI agents recommend.
clawdtm
ClawdTM skills for OpenClaw agents -- search, install, and review skills with security awareness.
clawdtm-moderator
Moderate ClawdTM skills - hide malicious content, set verified status.
guidelines-advisor
Comprehensive smart contract development advisor based on Trail of Bits' best practices. Analyzes codebase to generate documentation/specifications, review architecture, check upgradeability patterns, assess implementation quality, identify pitfalls, review dependencies, and evaluate testing. Provides actionable recommendations. (project, gitignored)
Safe Rewriting Advisor
**Category**: Graph Optimization + Remediation
legal-advisor
法务顾问专家,精通法务合规、合同管理、知识产权、劳动法和风险管理
system-skill-advisor
Routes non-trivial requests to matching skills through standalone MCP metadata and stable advisor tool ids.
tripadvisor-content-api-automation
Automate TripAdvisor tasks via Rube MCP (Composio). Always search tools first for current schemas.
azure-advisor-report
Generate Azure environment monthly report (Markdown + PowerPoint) from Azure Advisor and Cost Management API. Use when creating Advisor recommendations report, cost trend analysis, or security/reliability assessment for a customer subscription. Triggers on 'Advisor report', 'Azure monthly report', 'subscription report', 'Azure環境レポート', '簡易月次レポート'.
investment-advisory-agreement
Drafts a U.S. Investment Advisory Agreement (IAA) for SEC- or state-registered advisers under the Investment Advisers Act of 1940, SEC Rules 204-3, 206(4)-2, and 206(4)-3. Use when onboarding an advisory client, establishing a new advisory relationship, or updating an existing IAA.
client-advisory
Drafts client advisory memoranda translating legal developments into actionable guidance with impact analysis, Bluebook citations, and compliance recommendations. Use when preparing client alerts, regulatory updates, legal bulletins, or proactive advisory summaries.
client-advisory-summary
Produces client-ready U.S. regulatory advisory summaries translating legal developments into actionable impacts with effective-date tracking and Bluebook citations. Trigger when the user requests a client advisory, regulatory update, compliance memo, law-change summary, or industry alert.