← Back to Skills Marketplace
Skill Publish
by
haiyangchen
· GitHub ↗
· v1.0.1
· MIT-0
39
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install workbuddy-skill-publish
Description
Audit and publish agent skills to ClawHub and GitHub. Scans for personal data, validates frontmatter, enforces bilingual docs, removes internal-only content,...
README (SKILL.md)
Skill Publish
Audit, clean, and publish agent skills to ClawHub and GitHub. Complements
skill-design-guide(design-time) with publish-time rules. Works with any SKILL.md-based skill in the OpenClaw ecosystem.
Overview
Local skill directories often contain personal scripts, internal notes, and ticker-specific code that should never appear in public distributions. This skill standardizes the audit → cleanup → publish → verify pipeline.
Two modes: audit (scan only, no changes) or publish (audit + clean + push).
Workflow
Mode: Audit (default when user says "check" or "audit")
Step 1: [Deterministic] Confirm Target
- Identify the skill directory to audit. If user didn't specify, ask.
- Verify SKILL.md exists at
\x3Cdir>/SKILL.md. - If missing, stop: "Not a skill directory — no SKILL.md found."
Step 2: [Deterministic] Load Rules
- Read
references/publish-rules.mdfor detailed validation criteria.
Step 3: [Deterministic] Scan Files
For each file in the skill directory (recursive), check:
| Scan | What To Flag |
|---|---|
| Personal data | Ticker symbols with share counts, cost basis, account values, personal names/emails |
| Ticker-specific code | Scripts or configs hardcoded to single tickers (e.g. check_tsla_entry.py) |
| Internal dev notes | "审计清理版", "next N months: no new rules", personal reminders |
| Meta-documents | Files like SKILL_PUBLISH_RULES.md that aren't part of the skill itself |
| Old version files | Q2_2026_交易策略.md — outdated strategy docs |
Step 4: [LLM] Validate SKILL.md Content
Read the full SKILL.md. Check:
| Check | Rule |
|---|---|
Frontmatter name |
No version number embedded |
Frontmatter description |
≤3 sentences, English, no tickers/versions/keywords |
| H1 title | No version number |
## 详细参考 / ## References section |
Must NOT exist |
| Version history | Only published versions, max 5 rows, no "planned" entries |
| Internal dev notes | Must be absent from body text |
| Language | Body is English (a Chinese summary paragraph at end is OK) |
Step 5: [Deterministic] Validate Bilingual Docs
README.mdexists and is in EnglishREADME_zh.mdexists and is in Chinese- Version numbers in both README files match
CONTRIBUTING.mdexists and is in English (if present)
Step 6: [Deterministic] Generate Audit Report
Output format:
## Skill Publish Audit: \x3Cskill-name>
### Issues Found
| # | Severity | File | Issue |
|---|----------|------|-------|
| 1 | HIGH | SKILL.md | description 含版本号和关键词列表 |
| 2 | HIGH | SKILL.md | H1 标题带版本号 |
| 3 | MEDIUM | check_tsla_entry.py | 个股脚本,不应发布 |
| 4 | LOW | SKILL.md | 版本历史含未发布版本 |
### Clean Files (safe to publish)
- SKILL.md (after fixes above)
- README.md ✓
- README_zh.md ✓
- references/*.md (3 files) ✓
- scripts/*.py (8 files) ✓
### Action Required Before Publish
- [ ] Fix issue #1: rewrite description
- [ ] Fix issue #2: remove version from H1
- [ ] Fix issue #3: exclude check_tsla_entry.py
- [ ] Fix issue #4: trim version history
Stop here in audit mode. User reviews and decides next step.
Mode: Publish (when user says "publish" or confirms audit)
Step 7: [LLM] Fix Content Issues
Apply all fixes identified in the audit:
- Rewrite frontmatter description (≤3 English sentences)
- Strip version from H1 title
- Remove
## 详细参考/Referencessection - Trim version history to 5 published versions max
- Remove internal dev notes throughout
Write fixed content to SKILL.md, README.md, README_zh.md as needed.
Step 8: [Deterministic] Prepare Clean Directory
- Create temp dir:
\x3Cskill-dir>-publish/ - Copy only whitelisted files:
SKILL.md,README.md,README_zh.mdCONTRIBUTING.md,LICENSE(if exist)references/(all.mdfiles)scripts/(all.pyfiles — filters out personal scripts)requirements.txt,_meta.json
- Verify: NO ticker-specific scripts, NO personal files, NO meta-documents in temp dir.
Step 9: [Deterministic] Determine Version
- Read
_meta.jsonfor current published version - If user specified a version, validate it's higher than current
- If no version specified, ask user for target version
- Generate changelog summary from audit fixes
Step 10: [Deterministic] Push to ClawHub
clawhub publish \x3Cclean-dir> --slug \x3Cslug> --version \x3Cversion> --changelog "\x3Csummary>"
- If "Version already exists": bump patch version and retry
- If network error: report and stop
- On success: capture new version and publish ID
Step 11: [Deterministic] Push to GitHub
For each whitelisted file:
- GET
https://api.github.com/repos/\x3Cowner>/\x3Crepo>/contents/\x3Cpath>→ get SHA - PUT with base64 content + SHA (or POST if new file)
For files to delete (from audit list):
- DELETE with SHA
Use the GitHub PAT from ~/.workbuddy/connectors/\x3Cid>/tokens/github.txt.
Step 12: [Deterministic] Verify
[ ] clawhub inspect \x3Cslug> → latest version matches, English description
[ ] GitHub repo: correct files present, no personal scripts
[ ] Clean temp dir deleted
Hard Rules
These cannot be violated.
- Never modify local files. All fixes go to temp publish directory. Local stays intact.
- Never publish without audit. Every file must be scanned before reaching ClawHub/GitHub.
- Personal data is a blocking error. Any finding of account values, share counts, cost basis → must be resolved before publish.
- No version in name.
namefield and H1 title must never contain version numbers. - English-first SKILL.md. Body text must be English. Chinese summary at end is optional.
- Temp dir must be deleted after successful publish.
Failure Handling
| Scenario | Action |
|---|---|
| SKILL.md not found | Stop: "Not a skill directory" |
| Personal data found | Block publish; report exact file+line; user must manually remove |
| ClawHub auth missing | Guide: "Run clawhub login --token \x3Ctoken>" |
| Version already exists | Auto-bump patch version; ask user to confirm |
| GitHub PAT not found | Guide: "Ensure GitHub connector is active" |
| GitHub write fails (403) | Report: "Token lacks write permission on this repo" |
| Network timeout | Retry once; if still fails, report and stop |
| User cancels mid-publish | Clean up temp dir, report: "Publish aborted, local files untouched" |
Output Format
Audit Mode Output
## Skill Publish Audit: \x3Cname> v\x3Cversion>
### Issues (N found)
[table: severity, file, issue, fix]
### Clean Files (M files, K KB)
[file list]
### Publish Target
- ClawHub: \x3Cowner>/\x3Cslug>
- GitHub: \x3Cowner>/\x3Crepo>
- Version: \x3Ccurrent> → \x3Ctarget>
Publish Mode Output
## Publish Complete: \x3Cname>@\x3Cversion>
### ClawHub
- URL: https://clawhub.ai/\x3Cowner>/\x3Cslug>
- Version: \x3Cversion>
- Publish ID: \x3Cid>
### GitHub
- Repo: \x3Cowner>/\x3Crepo>
- Commit: \x3Csha>
- Files: \x3CN> updated, \x3CM> deleted
Usage Guidance
Install only if you intend to let this skill publish skill contents externally and update or delete files in a GitHub repository. Before using publish mode, run audit mode first, review the exact file list, confirm the repository and version target, and use a narrowly scoped GitHub token rather than a broad personal token.
Capability Assessment
Purpose & Capability
The audit, cleanup, ClawHub publish, and GitHub sync capabilities match the stated purpose of publishing skills; the sensitive actions are not hidden, but they are high impact.
Instruction Scope
Publish mode includes rewriting cleaned content, pushing to ClawHub, updating GitHub files, and deleting GitHub files, but the artifacts do not require a clear final confirmation summarizing remote writes and deletions immediately before execution.
Install Mechanism
The package contains markdown/json skill artifacts only, with no executable installer, dependency declarations, or hidden setup code observed.
Credentials
The skill instructs the agent to read a GitHub PAT from a local connector token path and use it for repository writes; this is purpose-aligned but grants broad sensitive authority that should be explicitly scoped and consented to.
Persistence & Privilege
The workflow uses a temporary publish directory and states it must be deleted after publish, and it says local source files should remain intact; however, the remote GitHub mutations and deletion behavior are persistent.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install workbuddy-skill-publish - After installation, invoke the skill by name or use
/workbuddy-skill-publish - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
v1.0.1: de-emphasize WorkBuddy branding, general-purpose agent skill publish
v1.0.0
v1.0.0: Initial release. Audit and publish WorkBuddy skills to ClawHub & GitHub.
Metadata
Frequently Asked Questions
What is Skill Publish?
Audit and publish agent skills to ClawHub and GitHub. Scans for personal data, validates frontmatter, enforces bilingual docs, removes internal-only content,... It is an AI Agent Skill for Claude Code / OpenClaw, with 39 downloads so far.
How do I install Skill Publish?
Run "/install workbuddy-skill-publish" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Skill Publish free?
Yes, Skill Publish is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Skill Publish support?
Skill Publish is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Skill Publish?
It is built and maintained by haiyangchen (@haiyangchenbj); the current version is v1.0.1.
More Skills