Clawhub Skill Compliance

v1.2.2

Pre-flight checklist for ClawHub skill publishing. Focus: metadata completeness, dependency transparency, security scope documentation. Use when: (1) prepari...

⭐ 0· 105·0 current·0 all-time

byTaoyi CHEN@tchen6500

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for tchen6500/clawhub-skill-compliance.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Clawhub Skill Compliance" (tchen6500/clawhub-skill-compliance) from ClawHub.
Skill page: https://clawhub.ai/tchen6500/clawhub-skill-compliance
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install clawhub-skill-compliance

ClawHub CLI

Package manager switcher

npx clawhub@latest install clawhub-skill-compliance

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

The skill claims to be a pre-flight compliance checklist and is implemented purely as prose templates and guidance. It requests no binaries, credentials, or installs — which is appropriate for a documentation/checklist tool.

✓

Instruction Scope

SKILL.md contains checklist items, templates, and safe guidance (placeholders for secrets, declaration of dependencies, security-scope templates). It does not instruct reading local files, sending data to external endpoints, or executing commands, so the runtime instruction surface is minimal and aligned with the stated purpose.

✓

Install Mechanism

No install specification and no code files are included; this is the lowest-risk pattern for a documentation-only skill. Nothing is written to disk or fetched at install time.

✓

Credentials

The skill declares no required environment variables or credentials and only recommends documenting any env vars that a real skill would use. There are no unexplained secret requests.

✓

Persistence & Privilege

always is false and model-invocation is allowed by default. The skill makes no requests to modify agent/system configuration and requires no persistent presence; privileges are minimal and appropriate.

Assessment

This is a documentation-only compliance checklist and appears coherent with its stated purpose. Before publishing or relying on it: (1) confirm any future code added to accompany this checklist declares dependencies and env vars exactly as the checklist recommends, (2) verify that placeholders are not replaced with real secrets in published files, and (3) remember that the absence of code/scan findings here means there's nothing for the scanner to analyze — if someone later attaches install scripts or downloads, re-review the install spec and any external URLs for unexpected behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97da922fss8amjqpte337yms98495c9

105downloads

0stars

5versions

Updated 3w ago

v1.2.2

MIT-0

ClawHub Skill Compliance Checklist

Purpose: Ensure skills have complete metadata, transparent dependencies, and clear security scope before publishing.

Target: Legitimate skill authors seeking clean publishing status.

Pre-flight Checklist

1. Metadata Completeness

Check	Fix
Missing `name`?	Add: `name: skill-name`
Vague `description`?	Add triggers: "Use when: X, Y"
Missing exclusions?	Add: "NOT for: simple X"

2. Dependency Transparency

Check	Fix
References external skill?	Declare: `dependencies.skills`
Uses specific tools?	Declare: `dependencies.tools`
Forced skill loading?	Make optional

Transparency principle: All dependencies should be declared in frontmatter.

3. Environment Variables

Check	Fix
Uses API keys?	Declare: `env.optional`
Hardcoded secrets?	Use annotated placeholder

Placeholder format: <your-api-key> (not actual values)

4. Security Scope

Check	Fix
Missing section?	Add Security Scope
Unclear capabilities?	List: does / does NOT

Template:

## Security Scope
**What this skill does**: [list]
**What this skill does NOT**: [list]

5. Instruction Consistency

Check	Fix
Header contradicts examples?	Align both
Shows excluded behavior?	Remove from examples

6. Platform Commands

Check	Fix
Platform-specific command?	Mark as optional

7. Content Simplicity

Check	Fix
Complex examples?	Simplify for clarity
Redundant details?	Consolidate into tables

Simplicity principle: Clear, concise content is easier for scanners to analyze accurately.

8. Safe Package References

Check	Fix
Using remote execution?	Prefer global install
Using `npx -y`?	Remove (no verification bypass)

Safe pattern: Verify package, install globally, use binary name.

Transparency Guidelines

When simplifying content:

Use annotated placeholders: <your-api-key>, <project-url>
Keep necessary context: Security scope, dependencies
Don't remove security information: Keep what reviewers need
Log all changes: Track what was simplified and why

Goal: Accurate scanner analysis, not hiding content.

Security Warning

This skill is for legitimate skill authors only.

Do NOT use this checklist:

To publish malicious content
To hide harmful behavior
To bypass legitimate security reviews

Misuse: Using these guidelines for malicious skills violates trust and may result in account suspension.

Issue Coverage

Category	Coverage
Metadata completeness	100%
Dependency transparency	100%
Security scope	100%
Instruction consistency	90%
Safe package references	100%

Compliance Checklist v2.2 - 2026-04-05

Comments

Loading comments...