← 返回 Skills 市场
GitHub → ClawHub 一键转化发布
作者
antonia huang
· GitHub ↗
· v1.1.0
· MIT-0
343
总下载
0
收藏
1
当前安装
2
版本数
在 OpenClaw 中安装
/install github-to-clawhub
功能描述
将 GitHub 开源项目转化为 OpenClaw skill 并发布到 clawhub 的完整流程助手。 当用户说"把这个 GitHub 项目做成 skill"、"把 XX 发布到 clawhub"、"把这个项目封装成 skill"、 "把 GitHub 链接转成 skill 上传"、"GitHub 转 ski...
使用说明 (SKILL.md)
GitHub → ClawHub 一键转化发布
把任意 GitHub 开源项目转化为 OpenClaw skill,发布到 clawhub.com。
前置要求
| 条件 | 说明 |
|---|---|
| GitHub URL | 目标项目的 GitHub 链接 |
| clawhub token | 格式:clh_xxx,在 clawhub.com → Profile → API Keys 获取 |
| exec 权限 | OpenClaw 需要能执行 shell 命令(本地部署默认有) |
如果用户还没提供 token,先询问 token,再继续。
执行流程
Step 1:读取原项目信息
web_fetch https://raw.githubusercontent.com/{owner}/{repo}/main/README.md
提取以下信息:
- 项目的核心功能(一句话)
- 技术路径(调 API / 本地计算 / 多 Agent / 纯提示词)
- 是否依赖外部服务、本地 GPU、特殊硬件
- License 类型(MIT / Apache / GPL 等)
排除标准(遇到这些直接告知用户不适合做 skill):
- 需要本地 GPU / 大 VRAM
- 纯前端/移动端 UI 项目,无 API 可调
- 需要复杂本地服务部署才能运行
- 涉及敏感/违规内容
Step 2:clawhub 查重
knot_skills search "{关键词1} {关键词2}"
搜索 2-3 次,覆盖不同角度的关键词。
判断标准:
- 完全重复(功能完全相同)→ 告知用户,询问是否换 slug 继续,或放弃
- 部分重叠(有相似但不完全相同)→ 说明差异,继续发布
- 空白地带(无相似 skill)→ 直接继续
Step 3:确定 skill 元信息
与用户确认(如果未提供):
slug:URL 友好名称,全小写 + 连字符,如opinion-analyzerdisplayName:展示名称,如Opinion Analyzer — 多视角舆情分析助手tags:逗号分隔,如analysis,sentiment,research
Slug 命名规则:
- 全小写 + 连字符,无空格
- 不能和已有 slug 完全重复(Step 2 查重时会发现)
- 描述性词汇优先(
jd-interview-prep比interview好)
Step 4:撰写 SKILL.md
这是核心步骤,决定 skill 质量。
SKILL.md 结构:
---
name: {slug}
description: >
{触发场景描述,包含5-10个触发词,这决定了 AI 什么时候加载这个 skill}
author: {作者}
version: 1.0.0
---
# {displayName}
灵感来源:[{原项目名}]({GitHub URL}) ⭐ {star 数}
{一句话核心价值}
---
## 使用方式
{2-3 个调用示例}
---
## 执行流程
{分步骤,具体到"做什么、怎么做"}
---
## 输出格式
{交付物的结构模板}
---
## 注意事项
{边界条件、限制}
撰写原则:
description触发词要够多够准,这是 skill 被激活的唯一入口- 执行流程具体到操作层面,不能写"帮你分析"这种废话
- 输出格式给出模板,AI 不会自己发明格式
- 不是翻译 README,是把原项目逻辑转化为 AI 行为规范
Step 5:创建本地文件
SKILL_DIR="/root/.openclaw/workspace/skills/SKILL-{slug}"
mkdir -p "$SKILL_DIR"
# 写入 SKILL.md
如果原项目有实用脚本/配置文件需要随 skill 分发,也放入此目录。
Step 6:发布到 clawhub
CLAWHUB_TOKEN={token} \
clawhub publish {SKILL_DIR} \
--slug {slug} \
--name "{displayName}" \
--version 1.0.0 \
--changelog "Initial release: {一句话描述}" \
--tags "{tags}"
常见错误处理:
| 错误 | 原因 | 解决方案 |
|---|---|---|
Path must be a folder |
传了文件路径 | 改为传目录路径 |
Slug is already taken |
slug 被占用 | 换更具体的 slug 重试 |
rate limit exceeded |
每小时限 5 个新 skill | 用 qqbot-cron 创建 65 分钟后的重试任务 |
400 (acceptLicenseTerms) |
CLI 版本 bug | patch publish.js,加 acceptLicenseTerms: true |
401 Unauthorized |
token 无效/过期 | 让用户在 clawhub.com 重新生成 token |
频率限制时的 patch CLI 方法:
PUBLISH_JS=$(find /usr/local/lib -name "publish.js" -path "*/clawhub/*" | head -1)
grep -q "acceptLicenseTerms" "$PUBLISH_JS" || \
sed -i 's/skillName:/acceptLicenseTerms: true, skillName:/' "$PUBLISH_JS"
Step 7:验证发布
knot_skills search "{slug}"
成功后回复:
✅ 已发布:{displayName}
📦 slug:{slug}
🌐 https://clawhub.com/skills/{slug}
快速模式
用户如果一句话提供了所有信息:
"把 https://github.com/xxx/yyy 做成 skill,token 是 clh_xxx"
直接从 Step 1 执行到底,完成后汇报结果,不需要逐步确认。
缺少信息时,只问缺少的那个,不重复已知内容。
示例
输入: "把 https://github.com/666ghj/BettaFish 做成 skill,token clh_xxx"
执行过程:
- fetch README → 多 Agent 舆情分析系统
- knot_skills search → 无重复
- slug:
opinion-analyzer,name:Opinion Analyzer — 多视角舆情分析助手 - 撰写 SKILL.md(多视角分析流程、报告模板)
- 创建目录,写文件
clawhub publish→ ✅ 成功
安全使用建议
This skill's goal (convert a GitHub repo into a ClawHub skill and publish it) is plausible, but the runtime instructions include risky, system-level operations and an undeclared credential. Before installing/using it:
- Do not hand over your CLAWHUB_TOKEN without understanding its scope; prefer a token with the minimum permissions or create a throwaway token for testing. The metadata should declare this required env var — its absence is a red flag.
- Review the target GitHub repo contents manually first. The skill's workflow may copy scripts/configs from the repo into the agent workspace which could introduce malicious code or secrets.
- Avoid running the automated publish flow on a host where you don't want persistent changes. Run in a sandbox/container, as a non-root user, or on an isolated machine.
- Do not run the suggested sed/patch commands on global system paths (/usr/local/lib) unless you fully trust the source and understand the change; patching installed CLI files is high-risk and can break or subvert tooling.
- Verify license compatibility and that the project actually fits the 'skill' model (not GPU-only, not purely frontend, not requiring complex local services). The SKILL.md lists sensible exclusion rules — follow them.
- Prefer a manual publish workflow for the first few runs: generate the SKILL.md, inspect it and any bundled files, then run clawhub publish yourself rather than allowing the agent to do it autonomously.
Because of the undeclared token requirement and instructions to write/modify system files and bundle arbitrary repository code into the agent workspace, treat this skill as suspicious and follow the precautions above before using it.
功能分析
Type: OpenClaw Skill
Name: github-to-clawhub
Version: 1.1.0
The skill automates the conversion of GitHub repositories into OpenClaw skills and handles publishing to ClawHub. It is classified as suspicious because it requests a sensitive API token (clawhub token) and includes instructions to perform a system-level file modification using 'sed -i' on a local library file (publish.js) within /usr/local/lib to patch a CLI bug. While these actions are contextually relevant to the skill's purpose, modifying system-wide files and handling authentication tokens via shell execution presents significant security risks without clear evidence of intentional malice.
能力评估
Purpose & Capability
The high-level purpose (turn a GitHub project into a ClawHub skill and publish it) is coherent with most steps (fetch README, write SKILL.md, publish). However the SKILL.md requires a ClawHub token and exec privileges while the registry metadata declares no required env vars or binaries — this mismatch is an incoherence. Also the workflow includes copying arbitrary repository scripts/configs into the agent's skills directory, which goes beyond mere metadata conversion and may require elevated filesystem access.
Instruction Scope
Instructions go beyond reading README and composing metadata: they fetch remote files, create local directories under /root/.openclaw/workspace/skills, place repository scripts/config files into the skill directory, set CLAWHUB_TOKEN in the environment for publishing, and suggest automated retries via external cron bots. Most concerningly, the doc instructs patching a globally installed CLI file (search/modify publish.js under /usr/local/lib) to bypass errors/rate-limits. These actions expand scope to system modification and arbitrary code inclusion.
Install Mechanism
There is no formal install spec (instruction-only), which reduces supply-chain risk, but the runtime instructions instruct modifying installed software (sed patch of publish.js under /usr/local/lib) and writing files into system paths. That behavior is effectively an installation/modification step and is high-risk because it alters third-party code on disk.
Credentials
The SKILL.md explicitly requires a ClawHub API token (format clh_xxx) and uses CLAWHUB_TOKEN in publish commands, but the skill metadata lists no required env vars and no primary credential — that's an inconsistency the user should notice. Requesting a publishing token is reasonable for the stated purpose, but the guidance to set it in environment and to run automated publish steps means that token could be used by the agent to publish or overwrite content; no scope/permission guidance is given. Also copying repo contents into the skill directory raises the risk of bundling secrets or executing malicious code from the repo.
Persistence & Privilege
The skill does not request 'always: true', but the runtime actions require writing persistent files into the agent's workspace (a path under /root/.openclaw) and potentially modifying global CLI files. Those are persistent, privileged changes to the host environment. Autonomous invocation is allowed by default; combined with the ability to publish and modify system files, that increases the blast radius if the skill were misused.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install github-to-clawhub - 安装完成后,直接呼叫该 Skill 的名称或使用
/github-to-clawhub触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
重写为正确版本:从 GitHub URL 到 clawhub 上架的完整自动化流程,包含 README 分析/查重/SKILL.md 撰写/发布/错误处理
v1.0.0
Initial release: 将 GitHub 开源项目转化为 OpenClaw skill 并发布到 clawhub 的完整流程封装
元数据
常见问题
GitHub → ClawHub 一键转化发布 是什么?
将 GitHub 开源项目转化为 OpenClaw skill 并发布到 clawhub 的完整流程助手。 当用户说"把这个 GitHub 项目做成 skill"、"把 XX 发布到 clawhub"、"把这个项目封装成 skill"、 "把 GitHub 链接转成 skill 上传"、"GitHub 转 ski... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 343 次。
如何安装 GitHub → ClawHub 一键转化发布?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install github-to-clawhub」即可一键安装,无需额外配置。
GitHub → ClawHub 一键转化发布 是免费的吗?
是的,GitHub → ClawHub 一键转化发布 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
GitHub → ClawHub 一键转化发布 支持哪些平台?
GitHub → ClawHub 一键转化发布 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 GitHub → ClawHub 一键转化发布?
由 antonia huang(@antonia-sz)开发并维护,当前版本 v1.1.0。
推荐 Skills