AstrBot plugin dev skill
v1.0.0Guide for developing AstrBot plugins that match the AstrBot main repo, pass astr-plugin-reviewer checks, and cover commands, filters, hooks, LLM integrations...
⭐ 1· 23·0 current·0 all-time
by若月千鸮@camera-2018
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill's name and description match its contents: a reviewer-first guide and reference set for building AstrBot plugins. All required artifacts (metadata.yaml, main.py, _conf_schema.json, requirements.txt) and coding patterns described are appropriate for that purpose.
Instruction Scope
Runtime instructions are limited to developer guidance: file layouts, import conventions, hook signatures, and reviewer checklist. The SKILL.md and referenced files do not ask the agent to read unrelated system files, exfiltrate data, or call external endpoints beyond normal plugin behavior. They reference only plugin-local paths and AstrBot runtime APIs.
Install Mechanism
There is no install spec and no code files to execute. As an instruction-only skill, it does not pull code or write to disk at install time, which is the lowest-risk configuration.
Credentials
No environment variables, credentials, or config paths are requested by the skill. The guidance explains how plugins may accept API keys via _conf_schema.json (user-provided) but the skill itself does not require or request secrets.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system presence. It is user-invocable and permits model invocation (normal for skills), and it contains no instructions to modify other skills or global agent settings.
Assessment
This is a coherent, instruction-only developer guide for AstrBot plugins. Before using it: (1) Treat the guide as documentation-only — it won’t install or run code itself. (2) When you implement a plugin following these docs, review any third-party packages you add to requirements.txt and avoid embedding secrets in metadata or source; prefer the documented _conf_schema.json for user-supplied API keys. (3) Pay attention to the reviewer checklist and hook/send semantics to avoid runtime failures. (4) If you plan to publish, verify the repository URL and metadata.yaml contents match marketplace expectations and audit any network or LLM calls your plugin makes (those calls will run in the plugin, not in this guide).Like a lobster shell, security has layers — review code before you run it.
latestvk9709z1xeghg7aqd6j0q7tjp7984q4tt
License
MIT-0
Free to use, modify, and redistribute. No attribution required.