ClawHub

Skill Father

v0.1.0

Authoritative skill-creation standards (Boss). Use when creating or updating OpenClaw skills so they are portable, reproducible, include prerequisites checks...

0· 488·2 current·3 all-time
byZhihao@moodykong
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the contents of SKILL.md: this skill is a prescriptive template/guideline for creating other skills. It requests no binaries, env vars, or installs, which is appropriate for a documentation-only 'standards' skill.
Instruction Scope
SKILL.md instructs authors/agents to implement onboarding that detects candidate paths and may read/modify skill-local config files and, in examples, system files such as ~/.ssh/config or ~/.config/openclaw/env. Those instructions are reasonable for a skill-creation standard, but they do grant agents the authority to prompt the user and write/modify files on the host when those onboarding flows are executed — review those flows and prompts before granting write permission.
Install Mechanism
No install specification and no code files — instruction-only. Nothing will be downloaded or written by an installer as part of this skill itself.
Credentials
The skill declares no required environment variables or credentials. However, SKILL.md references examples that rely on external credentials (e.g., OP_SERVICE_ACCOUNT_TOKEN / op whoami) and recommends persisting machine-specific config (which may include secrets) in skill-local files. That is a guideline, but child skills created under these standards may legitimately ask for secrets; ensure those are justified and stored with appropriate protections and permissions.
Persistence & Privilege
always is false and there is no install, so no forced permanent presence. The skill permits model invocation (default), and because it prescribes onboarding flows that write files and optionally create PATH symlinks or edit system config, allowing autonomous invocation could let an agent perform file writes. This is not inherently wrong but increases blast radius — inspect onboarding behavior if you allow autonomous runs.
Assessment
This skill is a style/standards document and is internally consistent. It does not request credentials or install code itself, but it instructs authors/agents to build onboarding that can read and write local or system config files and to persist machine-specific values (potentially secrets) in skill-local files. Before installing or using it in an agent with autonomous invocation: (1) review any onboarding scripts or generated config files for where they write (e.g., ~/.ssh/config, ~/.config/openclaw/env, ~/.local/bin), (2) verify prompts and masking behavior for secrets, (3) run onboarding in a safe environment first or with agent autonomy disabled, and (4) ensure created config files have appropriate filesystem permissions to protect secrets.

Like a lobster shell, security has layers — review code before you run it.

latestvk97dw8s7nj90zx3pnfxxtcsmr981nq9a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments