ClawHub

Skill Designer

v1.0.0

通过需求收口帮用户从零设计一个 OpenClaw agent skill。逐步收集目标、输入、输出、过程控制,确认后输出完整的 skill 文件包(SKILL.md + 安装指南)。产出是文件,不替用户执行安装。当用户说"创建 skill"、"做一个技能"、"加一个能力"、"帮我把 XXX 变成 skill"时触发。

0· 84·0 current·0 all-time
by@shing19
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the runtime instructions: the skill's purpose is to gather requirements and generate a SKILL.md + README package. It requests no binaries, no env vars, and no installs — all proportional to an authoring/templating tool.
Instruction Scope
SKILL.md instructs the agent to interactively collect 4 requirement fields, design plans, and then write the generated files to output/<skill-id>/. This is consistent with a file-generation task. Note: the instructions imply searching for technical solutions (APIs/tools/best practices) and writing files to disk; if the runtime agent has network access it may perform lookups — this is expected but you should review generated outputs before executing any suggested installation commands or scripts.
Install Mechanism
There is no install spec and no code files — lowest-risk model. The skill only emits files; it does not download or install third-party code itself.
Credentials
The skill declares no environment variables, no credentials, and no config paths. Nothing requests secrets or unrelated service access.
Persistence & Privilege
always:false and default autonomous invocation are appropriate. The skill explicitly forbids installing itself or modifying other agent files. It will write generated files to its working directory (output/<skill-id/>), which is normal for a generator and does not imply elevated privileges.
Assessment
This skill appears to be a benign authoring assistant that collects requirements and outputs a skill package. Before using it: 1) confirm your agent environment allows writing to the reported output/<skill-id>/ path and that you trust any generated scripts; 2) always review the generated SKILL.md, README, and any scripts in scripts/ before copying them into a production agent or running them (they may include install commands or downloads); 3) if the generated files reference external downloads or API keys, verify those references and do not paste secrets unless you understand why they're needed. If you want stronger assurance, request the skill to avoid embedding any automatic download/install steps and to flag any recommended network calls explicitly in the package.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bbkb5m94zcb276hqjq7afkd84027k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments