ClawHub

jash

v1.0.0

Guide for creating effective skills. This skill should be used when users want to create a new skill (or update an existing skill) that extends Claude's capabilities with specialized knowledge, workflows, or tool integrations.

1· 2.3k·10 current·10 all-time
byDoshi Jash Amit@jash2368-collab·duplicate of @chindden/skill-creator
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The SKILL.md describes a 'skill creator' guide and the bundled scripts (init_skill.py, package_skill.py, quick_validate.py) implement exactly the expected functionality: initializing a skill template, validating SKILL.md frontmatter, and packaging a skill folder. No unrelated credentials, network endpoints, or unusual binaries are present.
Instruction Scope
SKILL.md stays on-topic (structure, templates, references, when to include scripts/assets). It does not instruct reading arbitrary system files or exfiltrating data. It does note that scripts can be executed or read for patching, which is appropriate for a template skill; the included scripts perform only local file I/O (create directories/files, validate, zip).
Install Mechanism
There is no install spec (instruction-only) and no external downloads. The included code files are bundled with the skill rather than fetched from remote URLs, so there is no high-risk install mechanism.
Credentials
The skill declares no required environment variables or credentials (appropriate). However, the bundled scripts are Python programs and quick_validate.py imports the 'yaml' module (PyYAML), which the metadata does not declare as a dependency or binary requirement — an operational mismatch (not a credential leak). Users should ensure the runtime has Python and PyYAML before running the scripts.
Persistence & Privilege
The skill is not forced-always or privileged. It is user-invocable and can be invoked autonomously by the agent (default behavior). The included scripts write files and create directories at user-specified paths and can package or overwrite content if executed — this is expected for a packager/initializer but is a filesystem-impacting capability the user should review.
Assessment
This skill is a template/guide and appears to be what it says. Before installing or running anything: (1) review the three bundled Python scripts to confirm they perform only the actions you expect, (2) run them in a safe location (not a system directory) to avoid accidental overwrites, (3) ensure your environment has Python and the PyYAML package (quick_validate.py imports yaml), and (4) be aware that allowing the agent to execute these scripts will let it create, modify, and package files on disk. None of the files request secrets or contact external endpoints, so the main risks are accidental filesystem changes and unmet runtime dependencies.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dpexej9hk0n1kjqs6pkcwcs803tk8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments