tchen6500

Clawhub Skill Compliance

Author: Taoyi CHEN · GitHub ↗ · v1.2.2 · MIT-0
cross-platform ✓ Security scan passed
Total downloads: 112
Favorites: 0
Current installs: 0
Versions: 5
Install in OpenClaw
/install clawhub-skill-compliance
Description
Pre-flight checklist for ClawHub skill publishing. Focus: metadata completeness, dependency transparency, security scope documentation. Use when: (1) prepari...
Usage (SKILL.md)

ClawHub Skill Compliance Checklist

Purpose: Ensure skills have complete metadata, transparent dependencies, and clear security scope before publishing.

Target: Legitimate skill authors seeking clean publishing status.


Pre-flight Checklist

1. Metadata Completeness

| Check | Fix |
|---|---|
| Missing name? | Add: name: skill-name |
| Vague description? | Add triggers: "Use when: X, Y" |
| Missing exclusions? | Add: "NOT for: simple X" |

2. Dependency Transparency

| Check | Fix |
|---|---|
| References external skill? | Declare: dependencies.skills |
| Uses specific tools? | Declare: dependencies.tools |
| Forced skill loading? | Make optional |

Transparency principle: All dependencies should be declared in frontmatter.


3. Environment Variables

| Check | Fix |
|---|---|
| Uses API keys? | Declare: env.optional |
| Hardcoded secrets? | Use annotated placeholder |

Placeholder format: <your-api-key> (not actual values)


4. Security Scope

| Check | Fix |
|---|---|
| Missing section? | Add Security Scope |
| Unclear capabilities? | List: does / does NOT |

Template:

## Security Scope
**What this skill does**: [list]
**What this skill does NOT**: [list]

5. Instruction Consistency

| Check | Fix |
|---|---|
| Header contradicts examples? | Align both |
| Shows excluded behavior? | Remove from examples |

6. Platform Commands

| Check | Fix |
|---|---|
| Platform-specific command? | Mark as optional |

7. Content Simplicity

| Check | Fix |
|---|---|
| Complex examples? | Simplify for clarity |
| Redundant details? | Consolidate into tables |

Simplicity principle: Clear, concise content is easier for scanners to analyze accurately.


8. Safe Package References

| Check | Fix |
|---|---|
| Using remote execution? | Prefer global install |
| Using npx -y? | Remove (no verification bypass) |

Safe pattern: Verify package, install globally, use binary name.


Transparency Guidelines

When simplifying content:

  1. Use annotated placeholders: <your-api-key>, <project-url>
  2. Keep necessary context: Security scope, dependencies
  3. Don't remove security information: Keep what reviewers need
  4. Log all changes: Track what was simplified and why

Goal: Accurate scanner analysis, not hiding content.


Security Warning

This skill is for legitimate skill authors only.

Do NOT use this checklist:

  • To publish malicious content
  • To hide harmful behavior
  • To bypass legitimate security reviews

Misuse: Using these guidelines for malicious skills violates trust and may result in account suspension.


Issue Coverage

| Category | Coverage |
|---|---|
| Metadata completeness | 100% |
| Dependency transparency | 100% |
| Security scope | 100% |
| Instruction consistency | 90% |
| Safe package references | 100% |

Compliance Checklist v2.2 - 2026-04-05

Security usage advice
This is a documentation-only compliance checklist and appears coherent with its stated purpose. Before publishing or relying on it: (1) confirm any future code added to accompany this checklist declares dependencies and env vars exactly as the checklist recommends, (2) verify that placeholders are not replaced with real secrets in published files, and (3) remember that the absence of code/scan findings here means there's nothing for the scanner to analyze — if someone later attaches install scripts or downloads, re-review the install spec and any external URLs for unexpected behavior.
Functional analysis
Type: OpenClaw Skill Name: clawhub-skill-compliance Version: 1.2.2 The skill bundle 'clawhub-skill-compliance' is a documentation-focused tool designed to help developers audit their skills for metadata completeness and security transparency. The files SKILL.md and references/fix-patterns.md provide checklists and templates that promote security best practices, such as declaring dependencies, using placeholders for secrets, and documenting security scopes. No malicious code, data exfiltration, or harmful prompt-injection instructions were found; the content is entirely aligned with its stated purpose of improving skill quality and compliance.
Capability assessment
Purpose & Capability
The skill claims to be a pre-flight compliance checklist and is implemented purely as prose templates and guidance. It requests no binaries, credentials, or installs — which is appropriate for a documentation/checklist tool.
Instruction Scope
SKILL.md contains checklist items, templates, and safe guidance (placeholders for secrets, declaration of dependencies, security-scope templates). It does not instruct reading local files, sending data to external endpoints, or executing commands, so the runtime instruction surface is minimal and aligned with the stated purpose.
Install Mechanism
No install specification and no code files are included; this is the lowest-risk pattern for a documentation-only skill. Nothing is written to disk or fetched at install time.
Credentials
The skill declares no required environment variables or credentials and only recommends documenting any env vars that a real skill would use. There are no unexplained secret requests.
Persistence & Privilege
always is false and model-invocation is allowed by default. The skill makes no requests to modify agent/system configuration and requires no persistent presence; privileges are minimal and appropriate.
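How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install clawhub-skill-compliance
  3. Once installed, invoke the Skill by name or trigger it with /clawhub-skill-compliance
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history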
v1.2.2
**Updated checklist and documentation to clarify compliance and simplify structure:**
- Refined focus on metadata completeness, dependency transparency, and security scope documentation.
- Added and clarified author, provenance, and intended use in SKILL.md frontmatter.
- Reorganized checklist: condensed and reworded steps for clarity and ease of use.
- Strengthened language on ethical use and explicit warnings against misuse.
- Added guidelines for using placeholders and ensuring transparency.
- Updated section on safe package references, removing ambiguous or risky patterns.
v1.2.1
- Streamlined and condensed checklist instructions for faster review and improved clarity.
- Added explicit trigger word list and URL placeholder guidance to strengthen VirusTotal false-positive prevention.
- Simplified environment variable, dependency, and remote execution sections to focus on critical actions.
- Enhanced coverage tables and checklist steps for easier checklist execution.
- Updated resource references for quick access to fix patterns.
v1.2.0
**Summary:** Adds dedicated guidance for VirusTotal false-positive prevention and improves overall checklist clarity and safety.
- Added new VirusTotal False-Positive Prevention section with specific checks and fix patterns.
- Updated compliance coverage estimate from 80%+ to 90%+ of common ClawHub and VirusTotal issues.
- Clarified and strengthened requirements for remote execution examples and package naming conventions.
- Simplified examples and templates for metadata, dependencies, environment variables, and security scope.
- Reference section updated with VirusTotal-safe command templates.
- Minor text, heading, and template improvements throughout for greater clarity.
v1.1.0
**Major update: Replaced generic compliance guide with a focused pre-publish checklist to prevent issues before they occur.**
- Switched from audit-fix workflow to a "pre-flight" checklist format for proactive compliance.
- Expanded actionable checklists with specific requirements and fix patterns for metadata, dependencies, environment variables, remote execution, security scope, instructions, and platform commands.
- Added clear fix templates and common contradictions to improve clarity and usability.
- Updated resource references to use the new `fix-patterns.md` file and removed outdated issue lists.
- Streamlined scope: This skill is now designed exclusively for use *before* publishing to ClawHub, not for post-audit remediation.
v1.0.0
Initial release: provides a comprehensive compliance guide for ClawHub skills.
- Details ClawHub audit levels and issue categories (Suspicious, Error, Warning, Info, Pass).
- Outlines common compliance problems and recommended fixes for each risk level.
- Provides a step-by-step workflow to audit and address compliance issues.
- Includes best practices and a checklist for skill publication.
- Supplies SKILL.md templates and example metadata declarations.
Metadata
Slug: clawhub-skill-compliance
Version: 1.2.2
License: MIT-0
Total installs: 0
Current installs: 0
Versions: 5
FAQ

What is Clawhub Skill Compliance?

Pre-flight checklist for ClawHub skill publishing. Focus: metadata completeness, dependency transparency, security scope documentation. Use when: (1) prepari... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 112 total downloads so far.

How do I install Clawhub Skill Compliance?

Run the command "/install clawhub-skill-compliance" in the OpenClaw or Claude Code chat box to install it in one step, with no extra configuration.

Is Clawhub Skill Compliance free?

Yes. Clawhub Skill Compliance is completely free and released under the MIT-0 license; it can be downloaded, installed and used freely.

Which platforms does Clawhub Skill Compliance support?

Clawhub Skill Compliance is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who developed Clawhub Skill Compliance?

It is developed and maintained by Taoyi CHEN (@tchen6500); the current version is v1.2.2.
