skill-doctor
Skill Doctor
Boundary
Own this recurring job: audit local skill folders, estimate usage from local evidence, recommend cleanup direction, and flag security risks before install, execution, archive, or deletion.
Do not route here for:
- generic code security review outside a skill library
- one-off file cleanup with no skill audit
- creating a brand-new skill from scratch
- real destructive cleanup unless the user explicitly authorizes it
Default Workflow
- Run
scripts/run_skill_doctor.py <root> [more-roots]. - Generate
_skill_doctor_reports/<timestamp>/withreport.html,report.json,report.md, and clickable.commandactions. - Use Usage Evidence, Cleanup Rubric, and Security Rubric to interpret the scan.
- Return the HTML report path first, then summarize inventory, usage, cleanup, and security.
Operating Rules
- Stay read-only unless the user explicitly asks for cleanup actions.
- Treat usage frequency as an estimate derived from local evidence such as modification time and top-level inventory mentions.
- Do not present inferred frequency as telemetry or exact run counts.
- Escalate to
quarantinefor secret leakage, remote shell piping, private keys, or suspicious prompt injection or exfiltration behavior. - Prefer precise path-based evidence over generic statements.
- Separate hygiene issues from security issues. A stale skill is not automatically unsafe, and a recently modified skill can still be dangerous.
- Treat generated reports as local runtime artifacts. Do not commit
_skill_doctor_reports/back into the public repo unless the user explicitly wants a sanitized sample.
Outputs
Primary artifact:
- visual HTML report with summary cards, charts, recommendation modules, and per-skill action buttons
For each skill, provide inside the report:
- absolute path
- declared skill name and one-line purpose summary
- usage estimate:
active,warm,cold, orunknown - usage confidence:
low,medium, orhigh - cleanup level:
low,medium,high, orcritical - cleanup direction:
keep,repair,backup-then-archive,backup-then-delete, orquarantine - security level:
none,low,medium,high, orcritical - top evidence and findings that justify the recommendation
Order cleanup plans by security severity, cleanup level, and confidence that the skill is stale or disposable.
Resources
- Usage Evidence
- Cleanup Rubric
- Security Rubric
scripts/run_skill_doctor.pyscripts/scan_skills.pyscripts/skill_actions.pyevals/trigger_cases.jsonevals/semantic_config.json
More from yaojingang/yao-open-skills
yao-tutorial-skill
Create standalone beginner tutorial packages from a topic or supplied references, with adaptive research, course-style outline design, chapter visuals, and Markdown/DOCX/PDF/HTML exports. Use for textbook-like tutorials, course guides, teaching documents, or long beginner guides; not for quick answers, link summaries, pure diagrams, or file conversion.
37yao-bayesian-skill
Convert uncertain real-world choices into an auditable Bayesian evidence-to-action report with priors, evidence grading, posterior update, action thresholds, sensitivity checks, multi-turn decision logs, and Markdown plus bilingual HTML output. Do not use for Bayes theorem tutoring, homework, generic brainstorming with no report, or final licensed medical, legal, or financial advice.
16learning-builder
Create personalized learning tutorials from a learner profile and authority-first research. Use when the user wants a guided intake to clarify goals, background, constraints, and desired outcomes, then wants a structured tutorial or study guide assembled from official docs, standards, maintainer docs, regulator guidance, or other primary sources. Also use when the user wants the tutorial exported to Word or PDF, or wants to extend the finished tutorial into a personalized learning webpage. Do not use for one-off factual answers, generic blog writing, broad web research without a tutorial deliverable, or standalone webpage design with no learning packet.
5yao-kelly-skill
Turn uncertain resource-allocation requests into practical action plans using Kelly sizing as a conservative allocation engine. Use when a user needs to decide whether an opportunity is suitable for Kelly, what minimum action package to run, how much resource to cap, when to add or stop, and how to review results. Do not use for pure formula tutoring, guaranteed-return claims, martingale escalation, or final licensed investment, legal, or tax advice.
4yao-business-skill
Design, diagnose, and study business models from ideas, product websites, or company names. Use when asked to create options for a new idea, audit an existing product's monetization and competitors, or analyze a mature company's model and AI-era upgrade paths. Adjust for market, buyer, and operating environment, then output JSON plus HTML.
4yao-open-skills-sync
Manage the yao-open-skills public collection. Use this skill whenever the user wants to evaluate whether a local skill should be open sourced, import a local skill into the yao-open-skills repository, register which skills are already public, track GitHub sync status, or update the collection README and catalog after adding or refreshing a skill.
4