AI Skill Creator
v1.1.0AI公司 Skill 创作工作流(CTO MLOps + CISO 安全标准版)。当需要从头创建新 Skill(包括初始化目录结构、编写 SKILL.md、引用文件、脚本资源、安全审查、质量门禁)时使用。触发关键词:创建技能、新建 Skill、开发 Skill、创建 skill、新建技能包。整合 CTO MLOp...
⭐ 0· 57·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description match the content: this is a workflow for creating/publishing Skills and includes design, QA and security checklists. However, the SKILL.md mandates use of an init_skill.py script (and references scripts/) while the published package contains only SKILL.md and references/ documents — no scripts. That mismatch is likely an omission (documentation expecting a helper script that isn't bundled) rather than malicious, but it is an incoherence to resolve.
Instruction Scope
Runtime instructions cover creating directories, running an init script, performing security reviews, and using ClawHub for packaging/publishing. The instructions reference filesystem paths (e.g. ~/.qclaw/skills, absolute skill-path parameters), agent-to-agent calls (sessions_send/sessions_spawn), and use of python/clawhub commands. They do not instruct reading obvious sensitive directories (e.g. ~/.ssh or ~/.aws) and the included security checklist explicitly forbids such actions. Still, the skill asks agents to run commands and interact with the file system and network for publishing — reasonable for its purpose but worth validating in your environment.
Install Mechanism
This is an instruction-only skill with no install spec and no bundled binaries. That minimizes install-time risk because nothing is being downloaded or executed automatically from external URLs by the package itself.
Credentials
The skill declares no required environment variables or credentials, which is appropriate for a creator/guide. However, parts of the workflow (publishing via ClawHub) will require user credentials and network access at publish time; those are not declared in the package metadata (this is expected for an instruction-only guide, but verify before performing publishing steps). The SKILL.md enforces CISO-001 authorization for critical reviews, which is consistent with the intended workflow.
Persistence & Privilege
The skill is not force-included (always:false) and is user-invocable. It does not request persistent privileges or attempt to modify other skills' configs. The workflow expects isolated agent sessions and imposes path validation rules, which reduces privilege risk.
Assessment
This package is a documentation-first 'Skill creation' workflow and appears coherent with that purpose. Before using it: (1) confirm the init_skill.py script referenced in Phase 0 actually exists on your system (the package does not include it); (2) when you run any init/publish commands, run them in an isolated test workspace to confirm they write only where intended (the SKILL.md expects ~/.qclaw/skills); (3) publishing requires ClawHub CLI login — only run those steps if you trust the registry and want to provide credentials; (4) review the included security checklist (references/security-review.md) and verify the agent or user performing automated checks is constrained from reading sensitive directories (e.g., ~/.ssh, ~/.aws); (5) if you need higher assurance, ask the publisher for the missing scripts or an explanation of where init_skill.py is expected to come from and re-run a static/dynamic review of those scripts before granting write/exec permissions.Like a lobster shell, security has layers — review code before you run it.
automationvk97fasf1e38rybq1vs9yy9f3k584pqnbctivk97fasf1e38rybq1vs9yy9f3k584pqnblatestvk97fasf1e38rybq1vs9yy9f3k584pqnbmlopsvk97fasf1e38rybq1vs9yy9f3k584pqnb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🛠️ Clawdis
OSLinux · macOS · Windows