tchen6500

Clawhub Skill Compliance

by Taoyi CHEN · GitHub ↗ · v1.2.2 · MIT-0
cross-platform ✓ Security Clean
Downloads: 112 · Stars: 0 · Active Installs: 0 · Versions: 5
Install in OpenClaw
/install clawhub-skill-compliance
Description
Pre-flight checklist for ClawHub skill publishing. Focus: metadata completeness, dependency transparency, security scope documentation. Use when: (1) prepari...
README (SKILL.md)

ClawHub Skill Compliance Checklist

Purpose: Ensure skills have complete metadata, transparent dependencies, and clear security scope before publishing.

Target: Legitimate skill authors seeking clean publishing status.


Pre-flight Checklist

1. Metadata Completeness

| Check | Fix |
|---|---|
| Missing name? | Add: name: skill-name |
| Vague description? | Add triggers: "Use when: X, Y" |
| Missing exclusions? | Add: "NOT for: simple X" |

2. Dependency Transparency

| Check | Fix |
|---|---|
| References external skill? | Declare: dependencies.skills |
| Uses specific tools? | Declare: dependencies.tools |
| Forced skill loading? | Make optional |

Transparency principle: All dependencies should be declared in frontmatter.


3. Environment Variables

| Check | Fix |
|---|---|
| Uses API keys? | Declare: env.optional |
| Hardcoded secrets? | Use annotated placeholder |

Placeholder format: <your-api-key> (not actual values)


4. Security Scope

| Check | Fix |
|---|---|
| Missing section? | Add Security Scope |
| Unclear capabilities? | List: does / does NOT |

Template:

## Security Scope
**What this skill does**: [list]
**What this skill does NOT**: [list]

5. Instruction Consistency

| Check | Fix |
|---|---|
| Header contradicts examples? | Align both |
| Shows excluded behavior? | Remove from examples |

6. Platform Commands

| Check | Fix |
|---|---|
| Platform-specific command? | Mark as optional |

7. Content Simplicity

| Check | Fix |
|---|---|
| Complex examples? | Simplify for clarity |
| Redundant details? | Consolidate into tables |

Simplicity principle: Clear, concise content is easier for scanners to analyze accurately.


8. Safe Package References

| Check | Fix |
|---|---|
| Using remote execution? | Prefer global install |
| Using npx -y? | Remove (no verification bypass) |

Safe pattern: Verify package, install globally, use binary name.
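
The checks in sections 1, 3, 4 and 8 can be run mechanically before publishing. The following is an added example, not code from this skill or from ClawHub: `preflight` is a hypothetical helper, and it assumes `---`-delimited frontmatter using the key names from the checklist; both sample documents are constructed.

```python
import re

# Heuristic: a key-like name assigned a value of 8+ characters.
SECRET_RE = re.compile(r"(?i)(api[_-]?key|token|secret)\s*[:=]\s*[\"']?([^\s\"']{8,})")
PLACEHOLDER_RE = re.compile(r"^<[a-z0-9-]+>$")  # e.g. <your-api-key>

def preflight(text):
    """Return checklist findings for one SKILL.md string (hypothetical helper)."""
    # Assumption: frontmatter is delimited by '---' lines at the top of the file.
    m = re.match(r"^---\n(.*?)\n---\n(.*)$", text, re.S)
    front, body = (m.group(1), m.group(2)) if m else ("", text)
    desc = (re.search(r"^description:\s*(.*)$", front, re.M) or ["", ""])[1]
    findings = []
    if not re.search(r"^name:\s*\S", front, re.M):
        findings.append("metadata: missing name")
    for phrase in ("Use when", "NOT for"):
        if phrase not in desc:
            findings.append(f"metadata: description lacks '{phrase}'")
    if not re.search(r"^#+\s*Security Scope\s*$", body, re.M):
        findings.append("security-scope: section missing")
    elif "does NOT" not in body:
        findings.append("security-scope: no 'does NOT' list")
    if re.search(r"\bnpx\s+(-y|--yes)\b", body):
        findings.append("packages: npx -y in instructions")
    if any(not PLACEHOLDER_RE.match(v) for _, v in SECRET_RE.findall(text)):
        findings.append("env: literal secret value, not a placeholder")
    if SECRET_RE.search(body) and not re.search(r"^env:", front, re.M):
        findings.append("env: key used but no env block declared")
    return findings

# Constructed sample documents (not from the page).
BAD = """---
description: Summarise tickets.
---
Run: npx -y demo-tool
export DEMO_API_KEY=abcd1234efgh5678
"""
GOOD = """---
name: demo-skill
description: "Summarise tickets. Use when: triaging. NOT for: simple lookups."
env: {optional: [DEMO_API_KEY]}
---
Set DEMO_API_KEY=<your-api-key> and run: demo-tool summarise
## Security Scope
**What this skill does**: reads ticket text passed in chat
**What this skill does NOT**: write files or send data elsewhere
"""
if __name__ == "__main__":
    print(preflight(BAD), preflight(GOOD), sep="\n")
```

The secret pattern is a heuristic and will miss keys with unusual names; treat an empty result as a minimum bar, not as proof the file is clean.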


Transparency Guidelines

When simplifying content:

  1. Use annotated placeholders: <your-api-key>, <project-url>
  2. Keep necessary context: Security scope, dependencies
  3. Don't remove security information: Keep what reviewers need
  4. Log all changes: Track what was simplified and why

Goal: Accurate scanner analysis, not hiding content.


Security Warning

This skill is for legitimate skill authors only.

Do NOT use this checklist:

  • To publish malicious content
  • To hide harmful behavior
  • To bypass legitimate security reviews

Misuse: Using these guidelines for malicious skills violates trust and may result in account suspension.


Issue Coverage

| Category | Coverage |
|---|---|
| Metadata completeness | 100% |
| Dependency transparency | 100% |
| Security scope | 100% |
| Instruction consistency | 90% |
| Safe package references | 100% |

Compliance Checklist v2.2 - 2026-04-05

Usage Guidance
This is a documentation-only compliance checklist and appears coherent with its stated purpose. Before publishing or relying on it: (1) confirm any future code added to accompany this checklist declares dependencies and env vars exactly as the checklist recommends, (2) verify that placeholders are not replaced with real secrets in published files, and (3) remember that the absence of code/scan findings here means there's nothing for the scanner to analyze — if someone later attaches install scripts or downloads, re-review the install spec and any external URLs for unexpected behavior.
Capability Analysis
Type: OpenClaw Skill
Name: clawhub-skill-compliance
Version: 1.2.2

The skill bundle 'clawhub-skill-compliance' is a documentation-focused tool designed to help developers audit their skills for metadata completeness and security transparency. The files SKILL.md and references/fix-patterns.md provide checklists and templates that promote security best practices, such as declaring dependencies, using placeholders for secrets, and documenting security scopes. No malicious code, data exfiltration, or harmful prompt-injection instructions were found; the content is entirely aligned with its stated purpose of improving skill quality and compliance.
Capability Assessment
Purpose & Capability
The skill claims to be a pre-flight compliance checklist and is implemented purely as prose templates and guidance. It requests no binaries, credentials, or installs — which is appropriate for a documentation/checklist tool.
Instruction Scope
SKILL.md contains checklist items, templates, and safe guidance (placeholders for secrets, declaration of dependencies, security-scope templates). It does not instruct reading local files, sending data to external endpoints, or executing commands, so the runtime instruction surface is minimal and aligned with the stated purpose.
Install Mechanism
No install specification and no code files are included; this is the lowest-risk pattern for a documentation-only skill. Nothing is written to disk or fetched at install time.
Credentials
The skill declares no required environment variables or credentials and only recommends documenting any env vars that a real skill would use. There are no unexplained secret requests.
Persistence & Privilege
always is false and model-invocation is allowed by default. The skill makes no requests to modify agent/system configuration and requires no persistent presence; privileges are minimal and appropriate.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawhub-skill-compliance
  3. After installation, invoke the skill by name or use /clawhub-skill-compliance
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.2
**Updated checklist and documentation to clarify compliance and simplify structure:**
- Refined focus on metadata completeness, dependency transparency, and security scope documentation.
- Added and clarified author, provenance, and intended use in SKILL.md frontmatter.
- Reorganized checklist: condensed and reworded steps for clarity and ease of use.
- Strengthened language on ethical use and explicit warnings against misuse.
- Added guidelines for using placeholders and ensuring transparency.
- Updated section on safe package references, removing ambiguous or risky patterns.
v1.2.1
- Streamlined and condensed checklist instructions for faster review and improved clarity.
- Added explicit trigger word list and URL placeholder guidance to strengthen VirusTotal false-positive prevention.
- Simplified environment variable, dependency, and remote execution sections to focus on critical actions.
- Enhanced coverage tables and checklist steps for easier checklist execution.
- Updated resource references for quick access to fix patterns.
v1.2.0
**Summary:** Adds dedicated guidance for VirusTotal false-positive prevention and improves overall checklist clarity and safety.
- Added new VirusTotal False-Positive Prevention section with specific checks and fix patterns.
- Updated compliance coverage estimate from 80%+ to 90%+ of common ClawHub and VirusTotal issues.
- Clarified and strengthened requirements for remote execution examples and package naming conventions.
- Simplified examples and templates for metadata, dependencies, environment variables, and security scope.
- Reference section updated with VirusTotal-safe command templates.
- Minor text, heading, and template improvements throughout for greater clarity.
v1.1.0
**Major update: Replaced generic compliance guide with a focused pre-publish checklist to prevent issues before they occur.**
- Switched from audit-fix workflow to a "pre-flight" checklist format for proactive compliance.
- Expanded actionable checklists with specific requirements and fix patterns for metadata, dependencies, environment variables, remote execution, security scope, instructions, and platform commands.
- Added clear fix templates and common contradictions to improve clarity and usability.
- Updated resource references to use the new `fix-patterns.md` file and removed outdated issue lists.
- Streamlined scope: This skill is now designed exclusively for use *before* publishing to ClawHub, not for post-audit remediation.
v1.0.0
Initial release — provides a comprehensive compliance guide for ClawHub skills.
- Details ClawHub audit levels and issue categories (Suspicious, Error, Warning, Info, Pass).
- Outlines common compliance problems and recommended fixes for each risk level.
- Provides a step-by-step workflow to audit and address compliance issues.
- Includes best practices and a checklist for skill publication.
- Supplies SKILL.md templates and example metadata declarations.
Metadata
Slug: clawhub-skill-compliance
Version: 1.2.2
License: MIT-0
All-time Installs: 0
Active Installs: 0
Total Versions: 5
Frequently Asked Questions

What is Clawhub Skill Compliance?

Pre-flight checklist for ClawHub skill publishing. Focus: metadata completeness, dependency transparency, security scope documentation. Use when: (1) prepari... It is an AI Agent Skill for Claude Code / OpenClaw, with 112 downloads so far.

How do I install Clawhub Skill Compliance?

Run "/install clawhub-skill-compliance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Clawhub Skill Compliance free?

Yes, Clawhub Skill Compliance is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Clawhub Skill Compliance support?

Clawhub Skill Compliance is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Clawhub Skill Compliance?

It is built and maintained by Taoyi CHEN (@tchen6500); the current version is v1.2.2.
