← Back to Skills Marketplace
183
Downloads
0
Stars
1
Active Installs
7
Versions
Install in OpenClaw
/install kai-skill-creator
Description
Create new OpenClaw skills that pass ClawHub validation on first attempt. Use when building a new skill for OpenClaw. Teaches the complete process from templ...
README (SKILL.md)
Kai Skill Creator
Create OpenClaw skills correctly. Learned from getting kai-minimax-tts and kai-skill-creator to pass ClawHub scan.
Quick Start
1. Clone Template
cp -r /home/kai/.openclaw/workspace/skills/kai-minimax-tts /home/kai/.openclaw/workspace/skills/\x3CNEW_SKILL>
2. Edit SKILL.md
CORRECT FRONTMATTER:
---
name: skill-name
description: What this skill does and when to use it
metadata:
openclaw:
requires:
bins:
- binary1
- curl
env:
- API_KEY
---
# My Skill
Brief description...
## Usage
Commands and examples...
3. Write Script
chmod +x /home/kai/.openclaw/workspace/skills/\x3CNEW_SKILL>/scripts/\x3Cscript>.sh
4. Validate
python3 /home/kai/.nvm/versions/node/v22.22.1/lib/node_modules/openclaw/skills/skill-creator/scripts/quick_validate.py /home/kai/.openclaw/workspace/skills/\x3CNEW_SKILL>
5. Copy to Global
cp -r /home/kai/.openclaw/workspace/skills/\x3CNEW_SKILL> /home/kai/.openclaw/skills/\x3CNEW_SKILL>
6. Register in Config
Add to ~/.openclaw/openclaw.json:
{
"skills": {
"entries": {
"\x3CSKILL_NAME>": {
"enabled": true
}
}
}
}
7. Publish
cd ~/.openclaw/workspace
npx clawhub publish skills/\x3CSKILL_NAME> --slug \x3CSKILL_NAME> --version 1.0.0 --tags "tag1,tag2"
⚠️ CRITICAL: What NOT to Do
❌ NEVER Hardcode API Keys
# FLAGGED!
API_KEY="sk-api-xxxxx"
❌ NEVER Load .env in Script
# FLAGGED! Security risk
source ~/.env
❌ NEVER Use homepage Key
# FLAGGED! Causes validation failure
homepage: https://example.com
❌ NEVER Mention External API URLs
# FLAGGED! External endpoint reference
Get key from: https://api.example.com
Keep docs minimal. Scanner interprets URL mentions as potential data exfiltration.
❌ NEVER Leave Env Vars Undeclared
# MISMATCH! Script uses $API_KEY but not declared
metadata:
openclaw:
requires: {}
❌ Script Syntax Errors
# Test your script before publishing!
bash script.sh --test
# If EOF error or syntax issues → FLAGGED
✅ The CORRECT Pattern
Declaring Requirements
metadata:
openclaw:
requires:
env:
- MINIMAX_API_KEY
- CUSTOM_VAR
bins:
- curl
- whisper
Using Env Vars (Auto-Injected)
# Just use directly - OpenClaw injects these
API_KEY="$MINIMAX_API_KEY"
curl -H "Authorization: Bearer ${API_KEY}" ...
Adding Secrets to Config
{
"skills": {
"entries": {
"my-skill": {
"enabled": true,
"env": {
"API_KEY": "actual_key_here"
}
}
}
}
}
Scanner Checks (What Gets Flagged)
The ClawHub scanner verifies:
- Coherence: Declared requirements match actual code
- No surprise permissions: Env vars/bins declared = actually used
- No data exfiltration: External URLs in docs = red flag
- Valid syntax: Scripts must parse without errors
- Purpose clarity: Description matches what code actually does
Green = purpose, permissions, and code all match.
Pre-Publish Checklist
- No API keys hardcoded anywhere
- No
.envloading statements - All env vars declared in
requires.env - All bins declared in
requires.bins - No
homepagekey - No external API URLs in docs
- Script has valid syntax (test it!)
- Script produces expected output
- Version bumped (1.0.0 → 1.0.1 → etc)
- Validated with quick_validate.py
Troubleshooting
| Problem | Cause | Fix |
|---|---|---|
| "Omits required env" | Env var used but not declared | Add to requires.env |
| "Binary not found" | Wrong binary name | Use exact name, no path |
| "Unexpected permissions" | More bins declared than needed | Remove unused |
| "Purpose mismatch" | Docs say one thing, code does another | Align description |
| "External endpoint" | URL mentioned in docs | Remove URL references |
| EOF/syntax error | Script has bash errors | Fix syntax before publish |
Testing Tips
Test script locally:
# With inline env var for testing
MINIMAX_API_KEY=test_key bash scripts/script.sh --speak "test" en
# Check syntax
bash -n scripts/script.sh
File Locations
| Purpose | Path |
|---|---|
| Workspace skills | ~/.openclaw/workspace/skills/ |
| Global skills | ~/.openclaw/skills/ |
| Config | ~/.openclaw/openclaw.json |
| Validator | /home/kai/.nvm/versions/node/v22.22.1/lib/node_modules/openclaw/skills/skill-creator/scripts/quick_validate.py |
| Template | ~/.openclaw/workspace/skills/kai-minimax-tts/ |
Updated 2026-03-20 - Full scan passage for kai-minimax-tts and kai-skill-creator
Usage Guidance
This skill is coherent for building OpenClaw skills, but take these precautions before installing/using it: 1) Verify the absolute paths in SKILL.md (/home/kai/...) match your environment and update them if needed. 2) Review the create_skill.sh content locally to ensure it only does the expected file copies/renames and does not add unintended files. 3) Do not place production API keys in repository files; if you must add secrets to ~/.openclaw/openclaw.json, use test keys and ensure the file is not committed to source control. 4) Run the suggested validation locally (python3 quick_validate.py) and test your generated script with bash -n / functional runs before publishing. 5) If you plan to publish, confirm the template (kai-minimax-tts) is trustworthy and free of any external URLs or hidden endpoints.
Capability Analysis
Type: OpenClaw Skill
Name: kai-skill-creator
Version: 1.0.6
The skill is a developer utility designed to automate the creation of OpenClaw skill templates and ensure they pass validation. The documentation in SKILL.md provides sound security advice, such as avoiding hardcoded API keys and not sourcing .env files. The helper script scripts/create_skill.sh performs standard local file operations (copying templates and generating metadata) within the expected OpenClaw directory structure and includes basic input sanitization. While it contains environment-specific hardcoded paths (e.g., /home/kai/), there is no evidence of malicious intent, data exfiltration, or unauthorized execution.
Capability Assessment
Purpose & Capability
The name/description match the included SKILL.md and helper script: both are about creating new OpenClaw skills. Declaring python3 (used to run the provided quick_validate.py step) is reasonable even though the helper bash script itself doesn't need Python.
Instruction Scope
Instructions operate on the user's OpenClaw workspace and config (copying templates, writing SKILL.md, editing ~/.openclaw/openclaw.json and running a validator). This is expected for a skill-creation tool, but the docs contain absolute user-specific paths (/home/kai/...) and recommend placing secrets into the OpenClaw config — the user should confirm those paths match their environment and avoid putting production secrets into repository files.
Install Mechanism
There is no install spec and only an instruction-only SKILL.md plus a small bash helper script; nothing is downloaded or written to disk by an installer step beyond what the user runs locally.
Credentials
The skill declares no required environment variables. The documentation shows how to declare and let OpenClaw inject env vars, and instructs adding secrets to ~/.openclaw/openclaw.json — functionally coherent, but storing secrets in local config should be done carefully (use least-privilege test keys and avoid committing secrets).
Persistence & Privilege
The skill does not request always:true and does not auto-enable itself. It tells the user how to copy the skill to global directories and edit the agent config, which is expected for publishing a skill and is not an elevated privilege in itself.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install kai-skill-creator - After installation, invoke the skill by name or use
/kai-skill-creator - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.6
- Major SKILL.md rewrite for clarity and concise guidance
- Added stricter instructions to avoid hardcoding API keys, loading .env files, or mentioning external URLs (to avoid ClawHub scanner flags)
- Provided a step-by-step, streamlined workflow for creating, validating, and publishing skills
- Expanded "What NOT to Do" with more scanner red flags and best practices
- Updated pre-publish checklist and troubleshooting table for faster validation and issue resolution
- Improved examples and file location references throughout
v1.0.5
Major update: Complete rewrite of documentation with a new "Do Not" list, best practices, and clearer instructions.
- Reorganized the setup process for clarity and conciseness.
- Added an explicit section listing critical mistakes to avoid (e.g., hardcoded secrets, .env use, homepage key).
- Streamlined instructions for declaring and using environment variables securely across Bash, Python, and Node.js.
- Expanded the Common Issues table, now mapping problems to fixes.
- Introduced path handling best practices and a comprehensive pre-publish checklist.
- Updated local testing and publishing guidance.
v1.0.4
kai-skill-creator 1.0.4 Changelog
- Overhauled the process for handling API keys: users should now add secrets to `openclaw.json` instead of `.env` files.
- Updated documentation to show secure environment variable declaration and usage via OpenClaw config.
- Clarified instructions for registering and enabling skills in the global config.
- Tightened security guidance: emphasized never placing API keys in skill or script files.
- Removed recommendation and code samples for `.env` file loading.
v1.0.3
kai-skill-creator 1.0.3
- Documentation updated in SKILL.md, clarifying correct frontmatter and security guidance.
- No functional or code changes; only improved instructions and best practices included.
v1.0.2
kai-skill-creator v1.0.2
- Updated SKILL.md to use clean YAML metadata format in frontmatter.
- Replaced legacy JSON-style metadata with standard YAML indentation.
- Added publishing instructions for ClawHub.
- Clarified steps for declaring required binaries and environment variables.
- Updated and condensed examples for required env vars and bins.
- Improved formatting of tips, common errors, and security checklist.
v1.0.1
**Major update: Adds important security guidance for handling API keys and sensitive data.**
- Added a new "SECURITY" section with clear instructions on storing API keys and secrets using environment variables.
- Provided templates and sample code to prevent hardcoding secrets in skill files.
- Included a checklist for safe publishing to ClawHub.
- Added concrete examples of both insecure and secure approaches to handling secrets.
- Updated last modified date in documentation.
v1.0.0
- Initial release of kai-skill-creator: a step-by-step guide to quickly and correctly creating new OpenClaw skills.
- Provides detailed instructions on cloning a template, editing SKILL.md with strict frontmatter requirements, and registering new skills.
- Offers troubleshooting tips for common issues like validation errors or missing binaries.
- Summarizes key folder locations and validation commands.
- Includes best practices and tips to ensure skills are detected and work smoothly with the OpenClaw system.
Metadata
Frequently Asked Questions
What is Kai Skill Creator?
Create new OpenClaw skills that pass ClawHub validation on first attempt. Use when building a new skill for OpenClaw. Teaches the complete process from templ... It is an AI Agent Skill for Claude Code / OpenClaw, with 183 downloads so far.
How do I install Kai Skill Creator?
Run "/install kai-skill-creator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Kai Skill Creator free?
Yes, Kai Skill Creator is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Kai Skill Creator support?
Kai Skill Creator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Kai Skill Creator?
It is built and maintained by Blaze🔥 (@ogdegenblaze); the current version is v1.0.6.
More Skills