Kinema's Skill Making Pipeline
v1.4.0
KinemaClaw Skill development and publishing specification. Defines the standard process for skill development, version management, and publishing. All skills...
by Kinema. @leeshunee
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the provided content: the files and SKILL.md contain a skill development and publishing specification. All instructions (git tag, GitHub release, clawhub publish) are coherent with the stated purpose.
Instruction Scope
The SKILL.md is largely procedural guidance. One fallback Node.js snippet reads a local ClawHub config file (~/.config/clawhub/config.json) to obtain a token and uploads repository files to https://clawhub.ai/api/v1/skills. That behavior is expected for a publish fallback but introduces a sensitive action (reading a local token file and transmitting files to ClawHub) which deployers should review before running.
Install Mechanism
No install spec or code files are provided; this is instruction-only which minimizes installation risk.
Credentials
The skill declares no required env vars or credentials, but the Node fallback implicitly uses process.env.HOME to locate ~/.config/clawhub/config.json and extract a token. This is proportional to the publishing task but should be explicitly acknowledged since it accesses a local credential file not declared in metadata.
Persistence & Privilege
always is false, no persistent/background privileges requested, and the skill does not attempt to modify agent/system-wide configs. Autonomous model invocation is allowed (default) but that is normal and not problematic here.
Assessment
This skill is a documentation/specification for developing and publishing skills and is internally consistent. Before using the provided Node.js fallback: (1) inspect the snippet — it reads ~/.config/clawhub/config.json for a token and uploads files to https://clawhub.ai; only run it if you trust the target ClawHub account and you intend to publish. (2) When publishing, ensure the file list excludes any secrets (config files, .env, private keys). (3) Prefer using the official CLI (clawhub publish) or an explicit, audited environment variable for tokens rather than running one-off scripts that read config files. (4) If you need higher assurance, request the canonical publishing CLI or an audited automation script from the repository owner.
Like a lobster shell, security has layers — review code before you run it.
