The Mapick Butler - Skill lifecycle management · smart recommendations · bundle suggestions
The AI skill manager for OpenClaw. Protects your privacy, recommends what you need, cleans what you don't use, and blocks what's unsafe.
openclaw skills install mapick
No setup needed. Just talk to your agent after installing.
ClawHub has 57,000+ skills. You followed a tutorial, installed 40 of them, and now:
- Every skill you installed can see everything you do. This isn't a bug, it's how OpenClaw works. Every skill runs inside your conversation context, legitimately reading your chat history, code snippets, and any sensitive values you paste in. 40 skills = 40 pairs of eyes. Security scanning doesn't solve this: the code isn't malicious, the permissions are normal. The problem is you have no privacy layer at all.
- You're missing 3 critical skills that would save you 9 hours a week, but you don't know they exist
- 19 are zombies: installed but never used, bloating your context window, slowing your agent down
Mapick adds a privacy layer, finds the skills you actually need, and cleans out the junk.
- Every byte leaving your machine gets redacted first
- Not a popularity list: quantified efficiency gaps
- 19 zombies found, 40% context reduction after cleanup
- Grade B: eval() detected, safer alternative suggested
- 3AM Committer: 1,847 calls this month, peak hours 23:00-03:00
- One command to install an entire toolchain
openclaw skills install mapick
Download, review, then run:
curl -fsSL https://raw.githubusercontent.com/mapick-ai/mapick/v0.0.24/install.sh -o install.sh
less install.sh # review before running
bash install.sh
Or with wget:
wget https://raw.githubusercontent.com/mapick-ai/mapick/v0.0.24/install.sh
bash install.sh
Pin a specific version:
curl -fsSL https://raw.githubusercontent.com/mapick-ai/mapick/main/install.sh -o install.sh
less install.sh
MAPICK_VERSION=v0.0.24 bash install.sh
Then talk to your agent:
"Is my data safe?"
"Recommend skills for my workflow"
"Clean up unused skills"
"Is this skill safe?"
"Analyze my persona"
"Show me bundles"
Requirements: OpenClaw, Node.js (>=22.14, OpenClaw recommends 24), curl.
Every skill you install runs in the same conversation context, legitimately reading everything you do. Mapick adds a redaction layer before data leaves your machine. Regardless of whether other skills are malicious or not, your sensitive information comes out as [REDACTED].
you: Is my data safe?
mapick:
Privacy status
Redaction engine: running (23 rules)
Data sent: skill IDs + timestamps only (anonymized)
Sensitive values -> [FILTERED]
Source audit: scripts/redact.js
The redaction engine (scripts/redact.js) pattern-matches 20+ sensitive patterns and replaces them with [REDACTED] before transmission:
- Provider access strings (OpenAI, Anthropic, Stripe, AWS, GitHub, Slack, etc.)
- SSL/TLS certificates and signed session strings
- Database connection URIs (PostgreSQL, MySQL, MongoDB)
- Personal identity information (national IDs, SSN, phone numbers, passport numbers, etc.)
- URL query parameters carrying sensitive values
- Absolute file paths containing usernames
The code is open source. You can read every rule, verify every pattern, and add your own.
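A sketch of how a rule-based redaction pass of this kind can work, covering four of the categories listed above. This is an added example, not Mapick's scripts/redact.js: the rule names, regexes and the `redact` function are assumptions, and the sample text is constructed (the AWS value is the key ID used in AWS documentation).

```javascript
// Added example: illustrative redaction pass, not the project's own redact.js.
// Rule names and regexes are assumptions; order matters (whole URIs go first).
const RULES = [
  // Database connection URIs, which often embed user:password
  { name: 'db-uri', re: /\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?):\/\/[^\s'"]+/gi },
  // Provider key shapes: sk- prefixed keys, AWS access key IDs, GitHub ghp_ tokens
  { name: 'provider-key', re: /\b(?:sk-[A-Za-z0-9_-]{20,}|AKIA[0-9A-Z]{16}|ghp_[A-Za-z0-9]{36})\b/g },
  // URL query parameters with secret-looking names: keep the name, drop the value
  { name: 'query-param', re: /([?&](?:token|key|secret|password|signature)=)[^&#\s]+/gi, keep: 1 },
  // Absolute paths that expose a local username: keep the prefix, drop the name
  { name: 'user-path', re: /(\/home\/|\/Users\/|[A-Za-z]:\\Users\\)[^\/\\\s]+/g, keep: 1 },
];

// Returns the redacted text plus a per-rule hit count for auditing.
function redact(text) {
  const hits = {};
  let out = text;
  for (const { name, re, keep } of RULES) {
    out = out.replace(re, (...m) => {
      hits[name] = (hits[name] || 0) + 1;
      // m[keep] is the captured prefix that is safe to retain, if any
      return (keep ? m[keep] : '') + '[REDACTED]';
    });
  }
  return { out, hits };
}

// Constructed sample input, one line per rule
const SAMPLE = [
  'DATABASE_URL=postgresql://app:hunter2@db.internal:5432/prod',
  'aws_access_key_id = AKIAIOSFODNN7EXAMPLE',
  'GET https://api.example.test/v1/items?page=2&token=abc123def',
  'Error: ENOENT /Users/alice/work/repo/.env',
].join('\n');

console.log(redact(SAMPLE).out);
```

Running the output through `redact` a second time leaves it unchanged, which is a cheap regression check when adding rules.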
Decline all data sharing at any time:
/mapick privacy consent-decline - local-only mode (status/scan/clean/uninstall/privacy keep working; remote recommendations/search/security/reports/bundles/share are refused)
/mapick privacy delete-all --confirm - GDPR Article 17: delete everything
Not a popularity list. Mapick analyzes what you actually do and tells you what's missing, with the cost of not having it.
you: Recommend something useful
Analyzing your workflow...
mapick: Detected 3 efficiency gaps:
1. code-review - automated PR review
You manually reviewed 23 PRs last week, ~15 min each
Install to save ~5.7 hours/week Grade A
2. log-analyzer - intelligent log analysis
You read logs 4x/day, scrolling 200+ lines each time
Install to save ~40 min/day Grade A
3. ci-monitor - CI/CD status monitoring
You checked CI status manually 47 times this week
Install for automatic push notifications Grade A
Total: ~9.4 hours saved per week
Reply with numbers to install, or "install all"
Cold start uses category matching + popularity. After 7 days, behavioral signals take over. C-grade skills never appear in recommendations.
You followed a "must-have skills" tutorial and installed 40 skills. 19 of them have never been used.
you: Clean up
Scanning 47 installed skills...
mapick: Found 19 zombies (never used or 30+ days idle)
These eat your context window and slow your agent down
Never used (installed from a tutorial?):
1. capability-evolver installed 61 days, 0 calls
2. self-improving-agent installed 61 days, 0 calls
3. agent-memory-ultimate installed 58 days, 0 calls
4. wacli installed 55 days, 0 calls
5. byte-rover installed 55 days, 0 calls
6. atxp installed 49 days, 0 calls
7. sonoscli installed 44 days, 0 calls
8. ascii-art-generator installed 41 days, 0 calls
...6 more never-used
Previously used but idle:
15. csv-converter last used 47 days ago
16. pdf-reader last used 61 days ago
17. translate-tool last used 89 days ago
18. image-gen last used 34 days ago
19. weather-skill last used 52 days ago
Clean 19 zombies -> 40% context reduction, faster responses
Reply "clean all" or pick numbers (e.g. "1-8 15 17")
When you uninstall, Mapick asks why (duplicate / too complex / didn't deliver / one-time use). That feedback loops back into the recommendation engine: it won't suggest similar skills next time.
Every skill gets a grade before you install it.
you: Is super-helper safe?
mapick: Grade B (72/100)
Code scan: eval() found
Permissions: requests network:all, only needs network:api
Typosquatting: not detected
Suggested A-grade alternative: safe-helper
Four scoring dimensions:
| Dimension | Weight | What it checks |
|---|---|---|
| Code scan | 40% | eval(), exec(), rm -rf, prompt injection patterns |
| Permissions | 25% | Declared vs. actually used: are they consistent? |
| Community | 20% | Install count, retention rate, reports filed |
| External scan | 15% | VirusTotal integration |
Grade A = safe. Grade B = warning shown. Grade C = blocked, alternatives displayed.
Also detects typosquatting: skills whose names are 1-2 characters off from popular ones (the ClawHavoc attack pattern).
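One way to implement the "1-2 characters off" check described above, using Levenshtein edit distance. This is an added example, not Mapick's scanner: `POPULAR` is a constructed list built from skill names in this page's sample output, and the separator normalisation and the stricter limit for short names are assumptions.

```javascript
// Added example: flag skill names within 1-2 edits of a popular name.
// POPULAR is a constructed reference list, not the scanner's real data.
const POPULAR = ['github', 'docker', 'code-review', 'log-analyzer', 'ci-monitor'];

// Levenshtein distance, with an early exit when the length gap already exceeds max
function editDistance(a, b, max = 2) {
  if (Math.abs(a.length - b.length) > max) return max + 1;
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Fold case and separators so "Code_Review" compares equal to "code-review"
const normalise = (s) => s.toLowerCase().replace(/[_.\s]+/g, '-');

function checkTyposquat(name, popular = POPULAR) {
  const n = normalise(name);
  let best = null;
  for (const p of popular) {
    // Only a byte-for-byte match counts as the genuine skill
    if (name === p) return { name, verdict: 'exact', target: p, distance: 0 };
    const d = editDistance(n, normalise(p));
    // Short names collide by chance, so allow only 1 edit for targets under 6 chars
    const limit = p.length < 6 ? 1 : 2;
    if (d <= limit && (!best || d < best.distance)) best = { target: p, distance: d };
  }
  return best
    ? { name, verdict: 'suspect', ...best }
    : { name, verdict: 'clear', target: null, distance: null };
}

// Constructed candidates: genuine, two lookalikes, a separator variant, unrelated
for (const c of ['github', 'githbu', 'code-revlew', 'Code_Review', 'pdf-reader']) {
  console.log(checkTyposquat(c));
}
```

A swapped pair of adjacent letters ("githbu") counts as two edits under plain Levenshtein, which is why the limit is 2 rather than 1.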
13 persona types matched from your actual usage data.
you: Analyze me
Analyzing 67 days of usage data...
mapick:
+-------------------------------------------+
| 3AM Committer                             |
| "Fixing bugs at midnight, commits         |
| with dark circles under your eyes"        |
+-------------------------------------------+
| Core stack   github · docker · summarize  |
| Skills       47 installed · 14 active     |
| Activation   30% - below 73% of users     |
+-------------------------------------------+
| This month                                |
| Skill calls  1,847 (61/day avg)           |
| Active days  28 / 30                      |
| Peak hours   23:00 - 03:00                |
| Longest run  6.5h (Mon, Mar 17)           |
| AI spend     $42.7 · 12.5M units          |
+-------------------------------------------+
| Shadow persona   Install First            |
+-------------------------------------------+
Share card -> s.mapick.ai/a8k2x1
Shareable as a visual card with OG tags: preview directly in WeChat, Twitter/X, Telegram. Designed to make people curious about their own type.
11 pre-built bundles matched to your persona.
you: Any bundle recommendations?
mapick: Based on your 3AM Committer profile:
Full-Stack Developer (7 skills)
github · docker-manage · code-review
ci-monitor · log-analyzer · db-helper · api-tester
You have 3/7, need 4 more
DevOps (5 skills)
k8s-manager · terraform · ansible · prometheus · grafana
You have 0/5
Reply "install full-stack" or "install devops"
Available bundles: Full-Stack Developer · Content Creator · DevOps · Data Analyst · Deep Research · Security Audit · Second Brain · Workflow Automation · Google Workspace · Multi-Platform Comms · pnpm Monorepo
Your machine (OpenClaw)
+---------------------------------+
| ~/.openclaw/skills/mapick/      |
| +-- SKILL.md        <- AI reads |
| +-- scripts/        <- commands |
| |   +-- shell.js                |
| |   +-- redact.js   <- privacy  |
| +-- reference/      <- docs     |
| +-- CONFIG.md       <- state    |
|                                 |
| All sensitive data stays here   |
+----------------+----------------+
                 | only: skill IDs
                 | + timestamps (anon)
                 v
+------------------------------+
| Mapick API (cloud)           |
| Recommendation engine        |
| Security scanner             |
| Persona matching             |
| Sync service                 |
+------------------------------+
Mapick's skill-side code (everything that runs on your machine) is fully open source. This is not a gesture. It's a design decision.
40 skills are reading your context, and security scanning can't help with that. In early 2026, ClawHavoc exposed malicious skills, but even skills that pass every scan legitimately read your chat history and code. Security scanning checks whether code is malicious. Mapick protects the data exit. When you install a skill, you need to know exactly what your privacy layer is doing. With Mapick, you can:
- Read every line of redact.js: see exactly what gets filtered
- Read shell.js: see every command that runs
- Read SKILL.md: see every instruction the AI follows
- Verify that only anonymized skill IDs and timestamps leave your machine
Open (this repo): Everything on your machine. SKILL.md, shell scripts, redaction engine, reference docs. MIT licensed. Audit it, fork it, improve it.
Closed: The cloud API (recommendation algorithms, security scanning rules, persona models, aggregated user behavior data). Every user's anonymized data makes recommendations better for everyone. The algorithms and aggregate data stay on our servers.
Why not open source everything? Two reasons. First, opening the security scanner's detection rules would let malicious skill authors bypass them. Second, the recommendation engine's value comes from aggregated behavioral data across all users: the code without the data is useless, and the data can't be open sourced.
Your contributions protect everyone. Add a redaction rule to redact.js and every Mapick user's data gets safer. Improve intent recognition for your language and every speaker of that language gets a better experience. That's the leverage of open source done right.
| Collected | NOT collected |
|---|---|
| Skill IDs (which skills you have) | File contents |
| Install/uninstall timestamps | Conversation history |
| Invocation counts (usage frequency) | Sensitive values |
| Anonymized device fingerprint | Name, email, or identity |
All data passes through redact.js before transmission. Decline everything: /mapick privacy consent-decline. Delete everything: /mapick privacy delete-all --confirm.
We especially need:
- Language support: Help Mapick understand intents in your language
- Redaction rules: Spotted a pattern we don't catch? Add it to redact.js
- Security patterns: Found a new malicious skill technique? Let us know
- Bug reports: Open an issue
See CONTRIBUTING.md for guidelines.
- mapick.ai: Website
- s.mapick.ai: Persona sharing
- Privacy policy
- Terms of service
- contact@mapick.ai · privacy@mapick.ai
Skill client code (this repo): MIT License
Cloud API: Proprietary
