ClawHub

Skill Development Guide / Skill 开发指南,tutorial, guide, skill, development, openclaw, qclaw, ai, mcp, how-to, 教程, 开发指南, skill-builder, clawhub

v1.0.0

Comprehensive tutorial for building reusable AI Skills with instructions, scripts, security best practices, and examples on ClawHub and OpenClaw platforms.

0· 105·0 current·0 all-time
by@cccpan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Skill development guide) matches the provided files and instructions: examples, templates, and guidance for creating SKILL.md files. The skill declares no binaries, env vars, or installs—consistent with a documentation/tutorial artifact.
Instruction Scope
SKILL.md contains guidance, templates, and example scripts. It does not instruct the agent to read system files, export unrelated environment variables, or exfiltrate data. Example scripts reference common tools (jq, curl) but are illustrative; they do not broaden scope beyond documenting how to build skills.
Install Mechanism
No install spec and no code is installed or written to disk by the skill itself (instruction-only). This is the lowest-risk install model and is appropriate for a tutorial.
Credentials
The skill requests no environment variables, credentials, or config paths. The guidance explicitly warns against hardcoded secrets and unsafe shell practices (e.g., set -a), which is consistent with minimal privilege.
Persistence & Privilege
Flags are default (always: false). The skill does not request persistent presence or modify other skills/config. Autonomous invocation by agents is allowed by platform default but is not enabled here in a way that grants extra privileges.
Assessment
This is a documentation/tutorial skill and appears coherent and low-risk. Before using any example scripts: inspect them (especially any that will be executed), remove or replace placeholders, and ensure no hardcoded secrets are included. If you copy templates into a real Skill, document any external API endpoints and required credentials, and only grant the minimal commands or environment variables the Skill truly needs. Finally, be cautious before running example scripts on production systems—review their I/O and error handling first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97228yfhqv4ga75znxkr6psd1836sbn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments