← 返回 Skills 市场
183
总下载
0
收藏
1
当前安装
7
版本数
在 OpenClaw 中安装
/install kai-skill-creator
功能描述
Create new OpenClaw skills that pass ClawHub validation on first attempt. Use when building a new skill for OpenClaw. Teaches the complete process from templ...
使用说明 (SKILL.md)
Kai Skill Creator
Create OpenClaw skills correctly. Learned from getting kai-minimax-tts and kai-skill-creator to pass ClawHub scan.
Quick Start
1. Clone Template
cp -r /home/kai/.openclaw/workspace/skills/kai-minimax-tts /home/kai/.openclaw/workspace/skills/\x3CNEW_SKILL>
2. Edit SKILL.md
CORRECT FRONTMATTER:
---
name: skill-name
description: What this skill does and when to use it
metadata:
openclaw:
requires:
bins:
- binary1
- curl
env:
- API_KEY
---
# My Skill
Brief description...
## Usage
Commands and examples...
3. Write Script
chmod +x /home/kai/.openclaw/workspace/skills/\x3CNEW_SKILL>/scripts/\x3Cscript>.sh
4. Validate
python3 /home/kai/.nvm/versions/node/v22.22.1/lib/node_modules/openclaw/skills/skill-creator/scripts/quick_validate.py /home/kai/.openclaw/workspace/skills/\x3CNEW_SKILL>
5. Copy to Global
cp -r /home/kai/.openclaw/workspace/skills/\x3CNEW_SKILL> /home/kai/.openclaw/skills/\x3CNEW_SKILL>
6. Register in Config
Add to ~/.openclaw/openclaw.json:
{
"skills": {
"entries": {
"\x3CSKILL_NAME>": {
"enabled": true
}
}
}
}
7. Publish
cd ~/.openclaw/workspace
npx clawhub publish skills/\x3CSKILL_NAME> --slug \x3CSKILL_NAME> --version 1.0.0 --tags "tag1,tag2"
⚠️ CRITICAL: What NOT to Do
❌ NEVER Hardcode API Keys
# FLAGGED!
API_KEY="sk-api-xxxxx"
❌ NEVER Load .env in Script
# FLAGGED! Security risk
source ~/.env
❌ NEVER Use homepage Key
# FLAGGED! Causes validation failure
homepage: https://example.com
❌ NEVER Mention External API URLs
# FLAGGED! External endpoint reference
Get key from: https://api.example.com
Keep docs minimal. Scanner interprets URL mentions as potential data exfiltration.
❌ NEVER Leave Env Vars Undeclared
# MISMATCH! Script uses $API_KEY but not declared
metadata:
openclaw:
requires: {}
❌ Script Syntax Errors
# Test your script before publishing!
bash script.sh --test
# If EOF error or syntax issues → FLAGGED
✅ The CORRECT Pattern
Declaring Requirements
metadata:
openclaw:
requires:
env:
- MINIMAX_API_KEY
- CUSTOM_VAR
bins:
- curl
- whisper
Using Env Vars (Auto-Injected)
# Just use directly - OpenClaw injects these
API_KEY="$MINIMAX_API_KEY"
curl -H "Authorization: Bearer ${API_KEY}" ...
Adding Secrets to Config
{
"skills": {
"entries": {
"my-skill": {
"enabled": true,
"env": {
"API_KEY": "actual_key_here"
}
}
}
}
}
Scanner Checks (What Gets Flagged)
The ClawHub scanner verifies:
- Coherence: Declared requirements match actual code
- No surprise permissions: Env vars/bins declared = actually used
- No data exfiltration: External URLs in docs = red flag
- Valid syntax: Scripts must parse without errors
- Purpose clarity: Description matches what code actually does
Green = purpose, permissions, and code all match.
Pre-Publish Checklist
- No API keys hardcoded anywhere
- No
.envloading statements - All env vars declared in
requires.env - All bins declared in
requires.bins - No
homepagekey - No external API URLs in docs
- Script has valid syntax (test it!)
- Script produces expected output
- Version bumped (1.0.0 → 1.0.1 → etc)
- Validated with quick_validate.py
Troubleshooting
| Problem | Cause | Fix |
|---|---|---|
| "Omits required env" | Env var used but not declared | Add to requires.env |
| "Binary not found" | Wrong binary name | Use exact name, no path |
| "Unexpected permissions" | More bins declared than needed | Remove unused |
| "Purpose mismatch" | Docs say one thing, code does another | Align description |
| "External endpoint" | URL mentioned in docs | Remove URL references |
| EOF/syntax error | Script has bash errors | Fix syntax before publish |
Testing Tips
Test script locally:
# With inline env var for testing
MINIMAX_API_KEY=test_key bash scripts/script.sh --speak "test" en
# Check syntax
bash -n scripts/script.sh
File Locations
| Purpose | Path |
|---|---|
| Workspace skills | ~/.openclaw/workspace/skills/ |
| Global skills | ~/.openclaw/skills/ |
| Config | ~/.openclaw/openclaw.json |
| Validator | /home/kai/.nvm/versions/node/v22.22.1/lib/node_modules/openclaw/skills/skill-creator/scripts/quick_validate.py |
| Template | ~/.openclaw/workspace/skills/kai-minimax-tts/ |
Updated 2026-03-20 - Full scan passage for kai-minimax-tts and kai-skill-creator
安全使用建议
This skill is coherent for building OpenClaw skills, but take these precautions before installing/using it: 1) Verify the absolute paths in SKILL.md (/home/kai/...) match your environment and update them if needed. 2) Review the create_skill.sh content locally to ensure it only does the expected file copies/renames and does not add unintended files. 3) Do not place production API keys in repository files; if you must add secrets to ~/.openclaw/openclaw.json, use test keys and ensure the file is not committed to source control. 4) Run the suggested validation locally (python3 quick_validate.py) and test your generated script with bash -n / functional runs before publishing. 5) If you plan to publish, confirm the template (kai-minimax-tts) is trustworthy and free of any external URLs or hidden endpoints.
功能分析
Type: OpenClaw Skill
Name: kai-skill-creator
Version: 1.0.6
The skill is a developer utility designed to automate the creation of OpenClaw skill templates and ensure they pass validation. The documentation in SKILL.md provides sound security advice, such as avoiding hardcoded API keys and not sourcing .env files. The helper script scripts/create_skill.sh performs standard local file operations (copying templates and generating metadata) within the expected OpenClaw directory structure and includes basic input sanitization. While it contains environment-specific hardcoded paths (e.g., /home/kai/), there is no evidence of malicious intent, data exfiltration, or unauthorized execution.
能力评估
Purpose & Capability
The name/description match the included SKILL.md and helper script: both are about creating new OpenClaw skills. Declaring python3 (used to run the provided quick_validate.py step) is reasonable even though the helper bash script itself doesn't need Python.
Instruction Scope
Instructions operate on the user's OpenClaw workspace and config (copying templates, writing SKILL.md, editing ~/.openclaw/openclaw.json and running a validator). This is expected for a skill-creation tool, but the docs contain absolute user-specific paths (/home/kai/...) and recommend placing secrets into the OpenClaw config — the user should confirm those paths match their environment and avoid putting production secrets into repository files.
Install Mechanism
There is no install spec and only an instruction-only SKILL.md plus a small bash helper script; nothing is downloaded or written to disk by an installer step beyond what the user runs locally.
Credentials
The skill declares no required environment variables. The documentation shows how to declare and let OpenClaw inject env vars, and instructs adding secrets to ~/.openclaw/openclaw.json — functionally coherent, but storing secrets in local config should be done carefully (use least-privilege test keys and avoid committing secrets).
Persistence & Privilege
The skill does not request always:true and does not auto-enable itself. It tells the user how to copy the skill to global directories and edit the agent config, which is expected for publishing a skill and is not an elevated privilege in itself.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install kai-skill-creator - 安装完成后,直接呼叫该 Skill 的名称或使用
/kai-skill-creator触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.6
- Major SKILL.md rewrite for clarity and concise guidance
- Added stricter instructions to avoid hardcoding API keys, loading .env files, or mentioning external URLs (to avoid ClawHub scanner flags)
- Provided a step-by-step, streamlined workflow for creating, validating, and publishing skills
- Expanded "What NOT to Do" with more scanner red flags and best practices
- Updated pre-publish checklist and troubleshooting table for faster validation and issue resolution
- Improved examples and file location references throughout
v1.0.5
Major update: Complete rewrite of documentation with a new "Do Not" list, best practices, and clearer instructions.
- Reorganized the setup process for clarity and conciseness.
- Added an explicit section listing critical mistakes to avoid (e.g., hardcoded secrets, .env use, homepage key).
- Streamlined instructions for declaring and using environment variables securely across Bash, Python, and Node.js.
- Expanded the Common Issues table, now mapping problems to fixes.
- Introduced path handling best practices and a comprehensive pre-publish checklist.
- Updated local testing and publishing guidance.
v1.0.4
kai-skill-creator 1.0.4 Changelog
- Overhauled the process for handling API keys: users should now add secrets to `openclaw.json` instead of `.env` files.
- Updated documentation to show secure environment variable declaration and usage via OpenClaw config.
- Clarified instructions for registering and enabling skills in the global config.
- Tightened security guidance: emphasized never placing API keys in skill or script files.
- Removed recommendation and code samples for `.env` file loading.
v1.0.3
kai-skill-creator 1.0.3
- Documentation updated in SKILL.md, clarifying correct frontmatter and security guidance.
- No functional or code changes; only improved instructions and best practices included.
v1.0.2
kai-skill-creator v1.0.2
- Updated SKILL.md to use clean YAML metadata format in frontmatter.
- Replaced legacy JSON-style metadata with standard YAML indentation.
- Added publishing instructions for ClawHub.
- Clarified steps for declaring required binaries and environment variables.
- Updated and condensed examples for required env vars and bins.
- Improved formatting of tips, common errors, and security checklist.
v1.0.1
**Major update: Adds important security guidance for handling API keys and sensitive data.**
- Added a new "SECURITY" section with clear instructions on storing API keys and secrets using environment variables.
- Provided templates and sample code to prevent hardcoding secrets in skill files.
- Included a checklist for safe publishing to ClawHub.
- Added concrete examples of both insecure and secure approaches to handling secrets.
- Updated last modified date in documentation.
v1.0.0
- Initial release of kai-skill-creator: a step-by-step guide to quickly and correctly creating new OpenClaw skills.
- Provides detailed instructions on cloning a template, editing SKILL.md with strict frontmatter requirements, and registering new skills.
- Offers troubleshooting tips for common issues like validation errors or missing binaries.
- Summarizes key folder locations and validation commands.
- Includes best practices and tips to ensure skills are detected and work smoothly with the OpenClaw system.
元数据
常见问题
Kai Skill Creator 是什么?
Create new OpenClaw skills that pass ClawHub validation on first attempt. Use when building a new skill for OpenClaw. Teaches the complete process from templ... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 183 次。
如何安装 Kai Skill Creator?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install kai-skill-creator」即可一键安装,无需额外配置。
Kai Skill Creator 是免费的吗?
是的,Kai Skill Creator 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Kai Skill Creator 支持哪些平台?
Kai Skill Creator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Kai Skill Creator?
由 Blaze🔥(@ogdegenblaze)开发并维护,当前版本 v1.0.6。
推荐 Skills