openclaw skill creator

v1.0.2

Teach your OpenClaw agent new tricks by creating custom skills. Use when you want your agent to do something it can't do yet — like "read my Google Calendar"...

by claw0x @kennyzir
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
Name and description match the behavior found in handler.ts and SKILL.md: the package is a local skill creator that generates skill templates (Google Calendar, Slack, CSV) and instructions. There are no unrelated environment variables, binaries, or install steps requested by the generator itself.
Instruction Scope
The SKILL.md and handler.ts limit actions to generating skill files and guidance. The generator does not attempt to read arbitrary system files, exfiltrate data, or call external endpoints itself. It does include templates that instruct the user how to configure credentials for external services (which is expected for those integrations).
Install Mechanism
No install spec is provided (instruction-only), and the included handler.ts is local code. There are no downloads, URL-based installs, or archive extraction steps in the skill bundle.
Credentials
The generator declares no required environment variables. Templates reference service-specific credentials (e.g., GOOGLE_CALENDAR_CREDENTIALS, SLACK_BOT_TOKEN) only in contexts where external integrations would legitimately need them. No unrelated secrets or broad system credentials are requested.
Persistence & Privilege
The skill is not marked always:true and does not request elevated or persistent system-wide privileges. It does not modify other skills' configuration or agent settings beyond producing guidance for the user to add skill files and environment variables.
Assessment
This generator appears to be what it claims: a local tool that writes new SKILL.md files and example code. However, the skills it creates (e.g., Google Calendar reader or Slack messenger) will legitimately require API credentials or service-account files. Before using any generated skill, review the generated SKILL.md and code: 1) only provide API keys or JSON credential files if you trust the integration and understand its scope; 2) store credentials securely (avoid world-readable files and prefer least-privilege tokens); 3) check the generated code for any endpoints or behaviors you do not expect; and 4) test new skills in a limited or non-production environment first. If you want higher assurance, ask the author for provenance or signed releases, or run the generated code through your organization's code review process before enabling it in agents that have access to sensitive data.

Like a lobster shell, security has layers — review code before you run it.
