ClawHub

Skill Linter

v1.0.0

Analyze and validate SKILL.md files for best practices, common issues, and improvement suggestions. Use when reviewing a Skill, creating a new Skill, or when...

0· 79·1 current·1 all-time
by@mengbin92·duplicate of @mengbin92/skill-linter
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, the SKILL.md runtime instructions, and the provided Python linter are all aligned: they parse YAML frontmatter and check the markdown body for best practices. The skill requests no unrelated binaries, env vars, or config paths. Note: the included script accepts an arbitrary filepath argument and will read whatever file path it is given — functionally consistent with a linter but means the script can read any file you pass to it.
Instruction Scope
SKILL.md instructs the agent to load and analyze a SKILL.md file and produce a structured report — the linter code implements exactly that. The top frontmatter includes allowed-tools: Read, Edit, Write, which is reasonable if the skill will propose or apply edits, but it also expands the agent's ability to read/write files. The code itself does not access network endpoints or other system state beyond reading the supplied file path.
Install Mechanism
No install spec is present (instruction-only usage). A Python file is included but there is no automatic install/download or archive extraction. This is low risk: nothing is fetched from external URLs and no installers run.
Credentials
The skill requires no environment variables, credentials, or config paths. The absence of secrets or unrelated env requests is proportionate to a documentation/linting tool.
Persistence & Privilege
always:false and user-invocable:true (defaults) — no persistent/always-on privilege requested. The skill does not attempt to modify other skills or system-wide agent settings. The only potential privilege is file read/write if the agent is granted allowed-tools permissions.
Assessment
This skill appears coherent and focused: it lints SKILL.md files, needs no credentials, and includes a straightforward Python script that reads the file you provide and prints a report. Before installing or granting file access, consider: 1) only run it against SKILL.md files (or review the script) because it will read any path you pass it; 2) if you don't want the skill to modify files, remove or avoid granting the 'Write'/'Edit' allowed-tools or ensure it runs in read-only mode; 3) if you need higher assurance, review the included skill_linter.py locally to confirm there are no network calls or surprising behavior and run it on a sample SKILL.md first.

Like a lobster shell, security has layers — review code before you run it.

latestvk978aqs3cmj8892dqxkqjz82q183kk40

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments