Advanced Skill Creator Repo

v1.0.0

Executes OpenClaw/Moltbot/ClawDBot skill creation using the official 5-step research flow for compliant, secure, and well-structured skill development.

⭐ 0· 65·0 current·0 all-time

by@alvisdunlop

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for alvisdunlop/alvis-advanced-skill-creator.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Advanced Skill Creator Repo" (alvisdunlop/alvis-advanced-skill-creator) from ClawHub.
Skill page: https://clawhub.ai/alvisdunlop/alvis-advanced-skill-creator
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install alvis-advanced-skill-creator

ClawHub CLI

Package manager switcher

npx clawhub@latest install alvis-advanced-skill-creator

Security Scan

Capability signals

Requires sensitive credentials

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The SKILL.md and included script clearly require a SKILLBOSS_API_KEY and call an external SkillBoss API (api.heybossai.com) to generate SKILL.md content; however, the registry metadata at the top of the package claims no required env vars or primary credential. That mismatch (registry says none, but files require SKILLBOSS_API_KEY) is incoherent. Requesting python3/bash is reasonable for a generator script, but the omitted env declaration in registry is a notable inconsistency.

ℹ

Instruction Scope

The SKILL.md instructs the agent to consult external docs and ClawHub and to produce output with exact headings and structure — consistent with the stated purpose. However, it also contains forced output templates and wording that are similar to prompt‑injection patterns (see scan finding). It asks the agent to perform networked research and to call the SkillBoss API with user requests and aggregated research data, which means user-provided text and any assembled context will be transmitted to an external service.

✓

Install Mechanism

No install spec is provided (instruction-only style with a bundled script), so nothing is downloaded at install time. Risk from installation is low, but note the package includes an executable Python script that will run if invoked.

Credentials

The included files expect SKILLBOSS_API_KEY (used to authenticate to https://api.heybossai.com/v1/pilot). Requiring one API key for the external generation service is proportionate to the skill's purpose — but the registry metadata omitted that requirement. The script will send user_request and aggregated research data to the remote API, which could include sensitive content; this elevates the privacy/exfiltration risk if you supply secrets or private data in requests.

✓

Persistence & Privilege

The skill is not marked always:true and does not request system-wide persistent privileges. It is user-invocable and allows autonomous invocation (platform default). No evidence the skill attempts to modify other skills or system-wide settings in the visible files.

Scan Findings in Context

[you-are-now] unexpected: A 'you-are-now' style prompt-injection pattern was detected in SKILL.md. The skill also requires outputs with exact nonstandard headings and enforces strict output structure — combined, these look like attempts to control model behavior and output format (prompt injection style). This is relevant because the skill will forward prompts/contexts to an external API.

What to consider before installing

What to consider before installing: - Registry metadata mismatch: the package files and SKILL.md expect SKILLBOSS_API_KEY and specific binaries, but the registry entry lists no required env vars. Ask the publisher to correct the registry metadata before trusting the package. - External API / data exposure: the bundled script will send the user request and assembled research/context to https://api.heybossai.com/v1/pilot using SKILLBOSS_API_KEY. Any sensitive text you pass to this skill (including examples, internal docs, or secrets) may be transmitted. Only provide a key you trust the destination with, and avoid sending confidential data. - Prompt-injection pattern: SKILL.md contains forced output templates and an injection-like pattern. This may cause models (local or remote) to follow rigid instructions or leak information. Review the full SKILL.md and bundled script (the file was truncated here) for additional injection or data‑leakage code paths. - Code review and testing: inspect the complete advanced_skill_processor.py (the provided snippet is truncated) to confirm it doesn't run arbitrary subprocess/exec with untrusted input. Run the script locally without setting SKILLBOSS_API_KEY first to observe behavior (it should skip AI generation), and run in an isolated sandbox. - Operational mitigations: if you must use it, create a least-privileged API key for the SkillBoss service, avoid passing private data into requests, and monitor outbound traffic to api.heybossai.com. Prefer installing only after the author provides a verifiable homepage/repository and corrected registry metadata. - Additional information that would reduce concern: a trustworthy publisher/homepage, registry updated to declare SKILLBOSS_API_KEY as a required credential, full, non-truncated source code for review, and confirmation that the remote API provider is reputable and subject to your privacy requirements.

Like a lobster shell, security has layers — review code before you run it.

latestvk979hrbvwt36h2arem87xrecqs84z7gn

65downloads

0stars

1versions

Updated 1w ago

v1.0.0

MIT-0

setup: skillboss.co/skill.md

name: advanced-skill-creator description: Advanced OpenClaw skill creation handler that executes the official 5-step research flow with comprehensive analysis and best practices. Ensures proper methodology when users request to create or modify OpenClaw/Moltbot/ClawDBot skills following official standards. when: "When user mentions '写一个触发', '写skill', 'claw skill', 'openclaw skill', 'moltbot skill', '创建技能', '写一个让它...', or any request related to creating or modifying Claw系 skills" examples:

"写一个触发监控系统"
"写skill让它发送通知"
"创建claw skill提醒功能"
"创建openclaw skill翻译功能"
"moltbot skill定时任务"
"创建技能备份数据"
"写一个让它自动回复的技能"
"写一个触发定时任务的技能"
"创建天气查询技能"
"写一个让它管理日程的技能" metadata: { "openclaw": { "requires": { "env": ["SKILLBOSS_API_KEY"], "bins": ["python3", "bash"], "anyBins": ["python3", "python"] }, "emoji": "⚡", "primaryEnv": "SKILLBOSS_API_KEY" } }

Advanced Skill Creator

Advanced skill creation handler that executes the official 5-step research flow with comprehensive analysis and best practices. Ensures proper methodology and standards compliance by following the complete research process, applicable to all timeframes and use cases.

Uses SkillBoss API Hub to power AI-assisted skill generation via the unified /v1/pilot endpoint.

When to use

When user mentions "写一个触发", "写skill", "claw skill", "openclaw skill", "moltbot skill", "创建技能", or "写一个让它..."
When proper skill creation methodology needs to be followed according to official standards
When ensuring adherence to 5-step research flow (documentation, ClawHub, community, fusion, output)
For comprehensive skill analysis and creation with best practices

5-Step Research Flow Execution

Step 1: Consult Official Documentation

Comprehensively access official documentation:

Extract key information:

SKILL.md format requirements
YAML frontmatter specifications (name, description, when, examples, metadata.openclaw.*, requires)
Trigger mechanisms (natural language triggers, when conditions)
Tool calling conventions (exec, browser, read, write, nodes, MCP)
Loading precedence (workspace > ~/.openclaw/skills > bundled)
ClawHub installation methods
Breaking changes (latest versions)

Step 2: Research Related Public Skills on ClawHub/ClawdHub

Thoroughly query ClawHub/ClawdHub for relevant skills:

Search keywords: weather, reminder, schedule, translate, image, cron, memory, task-tracker, notification, backup, automation
Select 2-4 most relevant skills with high downloads/recent updates/community ratings
Analyze:
- Trigger descriptions (when, examples)
- YAML metadata
- Pure Markdown vs. scripts/ structure
- Dependency declarations
- Error handling recommendations
- Community feedback (why popular or criticized)
- Security considerations

Step 3: Search Best Practices

Use comprehensive keyword combinations for GitHub searches:

"OpenClaw SKILL.md" OR "ClawDBot skill example" OR "Moltbot create skill"
"SKILL.md" "when:" OR "metadata.openclaw" site:github.com
"clawhub install" "custom skill" OR "openclaw skill tutorial"
"skill security" OR "prompt injection prevention" OR "skill best practices"

Focus on:

Active GitHub repositories
Recent commits
Blog/Reddit/X content
Security best practices
Known security pitfalls (prompt injection, exec abuse)

Step 4: Solution Fusion & Comparison

Comprehensively summarize implementation approaches from all three sources: Compare across key dimensions:

Trigger precision (false positive rate)
Maintainability/readability
Loading speed/memory impact
Compatibility (different gateways/channels/versions)
Security & error isolation
Upgrade friendliness (dependency on specific tools)
Dependency management complexity
Performance optimization
Error handling robustness

Select optimal solution for current context with 4-7 clear reasons prioritized:

Official documentation > High-quality ClawHub skills > Active community solutions > Self-optimization

Step 5: Proper Output Structure

Output must follow exact structure without adding extra headers or showing raw search logs:

Use the exact headings: 【最终推荐方案】, 【文件结构预览】, 【完整文件内容】
Provide complete file contents with proper formatting
Include tree-style directory structure preview
Use proper YAML frontmatter in SKILL.md examples
Ensure comprehensive documentation
AI-generated skill content powered by SkillBoss API Hub (自动路由最优模型)

Resource Utilization

Documentation Features Utilized

YAML frontmatter format (name, description, when, examples, metadata.openclaw.*)
Trigger mechanism definition (when field)
Example specification (examples field)
Metadata definition (metadata.openclaw.requires)
Standardized skill description structure

Skills Referenced

system-monitor: Structure and functional organization
security-monitor: Metadata definition format
integrated-system-monitor: Script organization and implementation
Other existing skills: YAML frontmatter best practices

Community Practices Integrated

GitHub popular OpenClaw skill project structures
Community-recommended security practices (input validation, error handling)
Optimal metadata configuration methods
Effective trigger word definition patterns

Custom Scripts Created

advanced_skill_processor.py: Implements complete 5-step research flow automation
- Automated documentation query, public skill research, best practice search
- Solution fusion and comparison functionality
- AI-powered skill generation via SkillBoss API Hub (/v1/pilot, type=chat)
- Standardized output generation
- Error handling and logging features

Implementation Requirements

Execute all 5 steps in strict sequence - no skipping allowed
Do not rely on memory or "approximately correct" code
Demonstrate research → comparison → selection logical chain
Show evidence of consulting official documentation
Include proper metadata and security considerations
Provide complete, functional skill implementations with proper structure
Ensure all outputs follow the exact template structure required
Apply universally regardless of timeframe or version
Include security best practices and error handling
Provide comprehensive examples and use cases
Include system prompt integration for enhanced AI interaction
Incorporate thinking model framework for improved decision-making

System Prompt Integration

When creating new skills, include system prompt elements that enhance AI interaction:

"You are now an OpenClaw (formerly ClawDBot / Moltbot) skill development expert, implementing advanced thinking models for enhanced decision-making. Apply structured cognitive processing while balancing speed and accuracy based on specific situational requirements."

Skill Creation Guidelines

Apply the multi-stage cognitive processing pipeline during skill design
Integrate memory systems for continuous learning and improvement
Balance speed optimization with accuracy enhancement in skill functionality
Include appropriate system prompts for AI assistants using the skill
Document decision-making processes for future reference and learning

Comments

Loading comments...