← 返回 Skills 市场
Skill Publisher Claw Skill
作者
acastellana
· GitHub ↗
· v0.1.0
1951
总下载
1
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install skill-publisher-claw-skill
功能描述
Prepare and audit a Claw skill for public release by validating structure, security, portability, documentation, testing, git hygiene, and metadata.
安全使用建议
This toolkit appears coherent for preparing and publishing skills, but it performs file and git operations — review the scripts before running. Recommended precautions:
- Inspect publish.sh, fix.sh, and scaffold.sh to understand exactly what will be changed/committed.
- Run audit.sh and score.sh in a disposable copy of your repository first (do not run publish.sh on a repo you can't restore).
- If you don't want automatic pushes, avoid running publish.sh or run it with caution; remove/configure the 'gh' CLI auth if you don't want remote creation/push.
- Backup or ensure a clean git branch before letting fix.sh apply automated edits (fix.sh does in-place sed replacements and can commit changes via publish.sh).
- If you allow an autonomous agent to call this skill, restrict it or ensure GitHub CLI is not authenticated in that runtime environment to prevent unintended pushes.
Overall: coherent and expected behavior for a publisher tool, but treat it like any script that modifies your repo — review and run in a controlled environment.
功能分析
Type: OpenClaw Skill
Name: skill-publisher-claw-skill
Version: 0.1.0
This OpenClaw skill bundle is designed to audit, fix, scaffold, and publish other OpenClaw skills. All included shell scripts (`audit.sh`, `fix.sh`, `publish.sh`, `scaffold.sh`, `analyze.sh`, `score.sh`, `validate-links.sh`, `changelog.sh`) and the `SKILL.md` instructions are clearly aligned with this stated purpose. The `SKILL.md` and `audit.sh` contain `grep` commands to search for secrets (e.g., API keys, passwords) and personal data, but these are intended to *find* and *remove* such sensitive information from the *audited skill*, not to exfiltrate data from the agent's environment or the host system. Network calls (e.g., `git push`, `gh repo create`, `curl` for link validation) are legitimate actions for publishing and validating a skill. There is no evidence of intentional harmful behavior, prompt injection with malicious objectives, or unauthorized data exfiltration.
能力评估
Purpose & Capability
The name/description (skill publisher) matches the included files and behavior: audit.sh, fix.sh, scaffold.sh, publish.sh, score.sh, etc. All scripts perform repository-quality checks, scaffolding, auto-fixes, changelog generation, and GitHub publishing — capabilities that belong in a 'skill publisher' toolkit.
Instruction Scope
SKILL.md provides a checklist and guidance; the shipped scripts implement scanning and remediation. The scripts read and modify files in the target skill directory, inspect git history (git log -p), edit files (sed), create commits, and (optionally) create/push to GitHub via the GitHub CLI. These behaviors are expected for a publish workflow, but they do mean the skill will inspect and mutate repository contents when run.
Install Mechanism
No install spec — the skill is instruction + scripts only. That is the lowest-risk delivery model for this purpose. The scripts rely on standard Unix tools (grep, sed, git, gh) but do not download or execute code from remote URLs as part of an install step.
Credentials
The package declares no required environment variables or credentials, which is consistent. Some scripts expect Git and optionally the GitHub CLI (gh) and a configured git user; publish.sh will attempt to use gh auth to create/push repos. Although no secrets are requested by the skill explicitly, if the user has gh authenticated (or git remotes configured) these scripts will act using that existing authorization.
Persistence & Privilege
always:false (normal). The skill does not request persistent system privileges, but several scripts will modify local files, initialize/git-commit a repository, and push to remote(s) when run. If the agent is allowed to invoke the skill autonomously and has access to gh/git credentials in the environment, it could perform publish/push operations without further human review — this is expected for a publishing tool but worth being conscious of.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install skill-publisher-claw-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/skill-publisher-claw-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release of skill-publisher-claw-skill.
- Provides a comprehensive checklist for preparing Claw skills for public release.
- Covers structure validation, security audit, portability, code quality, documentation, testing, git hygiene, and metadata requirements.
- Includes clear step-by-step instructions, command examples, and anti-patterns for each area.
- Supplies templates and checklists for SKILL.md and README.md files.
- Emphasizes removing sensitive data and ensuring skills are clean, portable, and well-documented before publication.
元数据
常见问题
Skill Publisher Claw Skill 是什么?
Prepare and audit a Claw skill for public release by validating structure, security, portability, documentation, testing, git hygiene, and metadata. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1951 次。
如何安装 Skill Publisher Claw Skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install skill-publisher-claw-skill」即可一键安装,无需额外配置。
Skill Publisher Claw Skill 是免费的吗?
是的,Skill Publisher Claw Skill 完全免费(开源免费),可自由下载、安装和使用。
Skill Publisher Claw Skill 支持哪些平台?
Skill Publisher Claw Skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Skill Publisher Claw Skill?
由 acastellana(@acastellana)开发并维护,当前版本 v0.1.0。
推荐 Skills