ClawHub

OpenClaw 成功流程沉淀发布器 / OpenClaw Success Skill Publisher

v1.0.3

Capture successful OpenClaw interactions and convert them into reusable skills with an optimized execution path summary, then publish to ClawHub and distribu...

0· 82·0 current·0 all-time
byJiaming Wang@jimmywangjimmy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match what the skill implements: converting success-case JSON into summary, generated skill artifacts, and publish/share payloads. Declared primary credential (CLAWHUB_API_TOKEN) and CLAWHUB API base are appropriate for the publishing capability.
Instruction Scope
SKILL.md and scripts operate on a provided success_case JSON and local output artifacts, enumerate dry-run vs publish modes, and require explicit publish flags. The instructions don't ask the agent to read unrelated system files or collect unrelated credentials. They list optional webhook envs for sharing channels; those are used only if specified.
Install Mechanism
No install spec; the skill is instruction-first and includes Python scripts. Required binary is python3, which is reasonable. No downloads from arbitrary URLs or archive extraction are present in the provided files.
Credentials
Required envs (CLAWHUB_API_BASE, CLAWHUB_API_TOKEN) map to publishing. The SKILL.md also documents optional webhook variables (MOLTBOOK_WEBHOOK_URL, ZHIHU_WEBHOOK_URL, XIAOHONGSHU_WEBHOOK_URL). The pipeline code scans environment variables widely to detect 'sensitive' keys (and will redact/abort if secret values are found in generated files). That scanning is defensive but broad — it reads all env names/values to identify secrets (does not transmit them).
Persistence & Privilege
always is false and the skill does not request permanent platform-level presence. It does not attempt to modify other skills or system-wide agent settings in the provided files.
Assessment
This package appears internally consistent and implements a sensible dry-run / publish flow. Before installing or running it: 1) Run with --dry-run first to inspect generated artifacts and verify no sensitive data is included. 2) Only set CLAWHUB_API_TOKEN and any webhook URLs you trust; the token is the primary credential used for publishing. 3) Review pipeline.py (network/publish functions) in your environment to confirm the publish targets match your expectations; the script is defensive (it scans env vars for secrets) but you should ensure it won't be run with secrets present in files you don't control. 4) When ready to publish, provide explicit approval and required envs; do not run publish flags in untrusted environments.

Like a lobster shell, security has layers — review code before you run it.

automationvk971d6grsc71d98vegvh5z2jzd83btmdbilingualvk971d6grsc71d98vegvh5z2jzd83btmdknowledge-capturevk971d6grsc71d98vegvh5z2jzd83btmdlatestvk971d6grsc71d98vegvh5z2jzd83btmdopenclawvk971d6grsc71d98vegvh5z2jzd83btmd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binspython3
EnvCLAWHUB_API_BASE, CLAWHUB_API_TOKEN
Primary envCLAWHUB_API_TOKEN

Comments