← Back to Skills Marketplace
kennethchiu2008-fran

Create Skill

by kennethchiu2008-fran · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
472
Downloads
0
Stars
8
Active Installs
1
Versions
Install in OpenClaw
/install create-skill
Description
Guide for creating and importing skills. Use when users need to create or import skills.
README (SKILL.md)

Complete Workflow

When Creating Skills

  1. Follow the skill creation guide to accurately understand the skill and generate a skill folder that meets user requirements
  2. Complete skill registration according to the Easyclaw Skill Registration Guide
  3. Inform the user of completion status

When Importing Skills

  1. Read and review the skill package according to the Skill Import Guide
  2. Complete skill registration according to the Easyclaw Skill Registration Guide
  3. Inform the user of completion status

Skill Creation Guide

A guide for creating effective skills that extend Agent capabilities through specialized knowledge, workflows, and tool integration.

About Skills

Skills are modular, self-contained packages that extend Agent capabilities by providing specialized knowledge, workflows, and tools. Think of them as "onboarding guides" for specific domains or tasks.

What Skills Provide

  1. Specialized Workflows - Multi-step processes for specific domains
  2. Tool Integration - Instructions for using specific file formats or APIs
  3. Domain Expertise - Company-specific knowledge, patterns, business logic
  4. Bundled Resources - Scripts, references, and assets for complex and repetitive tasks

Understanding Skills Through Concrete Examples

To create effective skills, you should clearly understand how the skill will be used. This can come from direct examples provided by users or by generating examples and validating them with users.

For example, when building an image editing skill, relevant questions include:

  • "What features should the image editing skill support? Editing, rotation, or others?"
  • "Can you provide examples of how this skill would be used?"
  • "I can imagine users might say 'remove red-eye from this image' or 'rotate the image 90 degrees'. Are there other trigger patterns?"
  • "What kind of user requests should trigger this skill?"

To avoid overwhelming users, don't ask too many questions at once. Ask the most important questions first, then follow up as needed for better effectiveness.

Progressive Disclosure Principle

The 200-line rule is critical. SKILL.md must be less than 200 lines. If more content is needed, split it into references/ files.

Three-Tier Loading System

  1. Metadata (name + description) - Always in context (~100 words)
  2. SKILL.md Body - When skill is triggered (\x3C200 lines, ideally \x3C500 lines for optimal performance)
  3. Bundled Resources - As needed by Agent (unlimited)

Why Progressive Disclosure Matters

  • Initial context load reduced by 85%
  • Activation time drops from 500ms+ to under 100ms
  • Agent only loads what's needed when needed
  • Skills remain maintainable and focused

Skill Structure

skill-name/
├── SKILL.md (Required, \x3C200 lines)
│   ├── YAML Frontmatter (Required)
│   │   ├── name: (Required)
│   │   └── description: (Required)
│   └── Markdown Instructions (Required)
└── Bundled Resources (Optional)
    ├── scripts/          - Executable code
    ├── references/       - Documentation loaded on-demand
    └── assets/           - Files used in output

Core Principles

Brevity is Key

Context window is a shared resource. Your skill shares it with everything else the Agent needs. Be concise and challenge every piece of information:

  • Does the Agent really need this explanation?
  • Can I assume the Agent knows this?
  • Is this paragraph worth its token cost?

Set Appropriate Degrees of Freedom

  • High Freedom: Text-based instructions for tasks with multiple valid approaches
  • Medium Freedom: Pseudocode or scripts with parameters
  • Low Freedom: Specific scripts for fragile operations with few or no parameters

Test with All Models

Skills complement models, so effectiveness depends on the underlying model. Test your skills with all models you plan to use.

References

For detailed guidance, see:

  • references/progressive-disclosure.md - 200-line rule and reference patterns
  • references/skill-structure.md - SKILL.md format and frontmatter details
  • references/examples.md - Good skill examples
  • references/best-practices.md - Comprehensive best practices guide

Skill Import Guide

Step 1: Read Skill Content Based on User-Provided Skill Package Type

  • If it's a SKILL.md file, read it directly
  • If it's a folder, read all files inside
  • If it's a zip file, extract it first then read all files (follow the Skill Package Extraction Guide for extraction method)

Step 2: Security Review

  • Check if skill content complies with security standards
  • Check if skill content complies with ethical standards
  • Check if skill content complies with legal standards
  • Check if skill content contains malicious code or virus behavior

If security review fails, inform the user immediately, end the skill import process, and terminate the task

Skill Package Extraction Guide (Strictly Follow)

Execute the create-skill/scripts/easyclaw_unzip_skill.py script to complete skill package extraction

Usage example:

python yuanqi_ai_bot_unzip_skill.py "zip_path"

Parameter explanation: zip_path: Path to the zip file to be extracted

Special emphasis: For extracting skill packages, you must only follow this extraction guide and run this script. Under no circumstances should you generate other scripts to complete the extraction!

Easyclaw Skill Registration Guide (Strictly Follow)

Execute the create-skill/scripts/easyclaw_register_skill.py script to complete skill registration

Usage example:

python easyclaw_register_skill.py \x3Csource_folder_path>

Parameter explanation: source_folder_path: Path to the skill folder to be registered to Easyclaw

Special emphasis: For registering Easyclaw skills, you must only follow this registration guide and run this script. Under no circumstances should you generate other scripts to complete the registration!

Usage Guidance
This skill is coherent with its stated purpose, but it includes two Python helpers that extract zip files and copy folders into ~/.easyclaw/skills. Before running anything: - Inspect the zip contents manually rather than running the unzip script on untrusted zips (look for '../' or absolute paths and unexpected executable files). - Review the two Python scripts (easyclaw_unzip_skill.py and easyclaw_register_skill.py) yourself — note the unzip fallback uses zipfile.extractall and the code does not sanitize archive member paths (Zip Slip risk). - Run extraction/registration in a safe sandbox (isolated VM, container, or non-privileged account) if you must handle untrusted packages. - If you control the package, consider extracting manually and verifying SKILL.md and scripts before registering. - If you plan to automate imports, add path-sanitization checks (reject entries with '..', absolute paths, or unexpected permissions) and limit where files can be written. If you want, I can point out the exact lines in the scripts that are risky and suggest safer extraction code you can use.
Capability Analysis
Type: OpenClaw Skill Name: create-skill Version: 1.0.0 The skill bundle is classified as suspicious due to a critical Zip Slip vulnerability found in `scripts/easyclaw_unzip_skill.py`. This script, which the `SKILL.md` explicitly instructs the agent to use for extracting skill packages, uses `zipfile.extractall` and custom extraction logic without adequate sanitization of archive member paths, potentially allowing an attacker to write files to arbitrary locations on the file system by providing a specially crafted zip file. While the overall purpose of the skill (managing other skills) is legitimate, this vulnerability poses a significant security risk.
Capability Assessment
Purpose & Capability
Name/description (create/import skills) align with the delivered artifacts: SKILL.md plus two helper scripts for unzipping and registering skills. No unrelated env vars, binaries, or network endpoints are requested.
Instruction Scope
SKILL.md explicitly instructs the agent/operator to run the included Python scripts to extract zip packages and register skill folders. Those instructions require the agent to execute bundled code that performs filesystem operations and copies files into the user's home directory; this goes beyond passive guidance and grants the skill the ability to place persistent files on disk. The SKILL.md also strongly insists 'under no circumstances generate other scripts', which is restrictive and forces reliance on the bundled scripts.
Install Mechanism
There is no install spec (instruction-only), but the package includes two extraction/registration scripts that will create directories and copy files. The unzip implementation uses zipfile.extractall in the fallback path and performs path joins without sanitizing archive member paths, making it susceptible to Zip Slip / path traversal attacks (archive entries could write outside the intended directory). This is a high-risk pattern for any skill that extracts untrusted zip files.
Credentials
No environment variables, credentials, or unrelated configuration paths are requested. The scripts act on local filesystem only (user home directory), which is proportionate for a skill-registration/import utility—but still notable because writing to ~/.easyclaw/skills persists content on disk.
Persistence & Privilege
The registration script copies a provided skill folder into ~/.easyclaw/skills, creating persistent files under the user's home directory. While expected for a registration tool, combined with the unzip script's lack of sanitization this allows a malicious zip to install arbitrary files persistently. always:false and normal autonomy settings reduce systemic privilege concerns, but the script still makes durable changes to the user's environment.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install create-skill
  3. After installation, invoke the skill by name or use /create-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release with comprehensive guides for creating and importing skills. - Introduces detailed instructions on skill structure, metadata requirements, and best practices for brevity and clarity. - Outlines strict procedures for skill package extraction and registration using dedicated scripts. - Includes security, ethical, and legal review process for importing external skills. - Emphasizes the "200-line rule" for SKILL.md and the progressive disclosure principle for optimized agent performance.
Metadata
Slug create-skill
Version 1.0.0
License
All-time Installs 9
Active Installs 8
Total Versions 1
Frequently Asked Questions

What is Create Skill?

Guide for creating and importing skills. Use when users need to create or import skills. It is an AI Agent Skill for Claude Code / OpenClaw, with 472 downloads so far.

How do I install Create Skill?

Run "/install create-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Create Skill free?

Yes, Create Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Create Skill support?

Create Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Create Skill?

It is built and maintained by kennethchiu2008-fran (@kennethchiu2008-fran); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments