ClawHub

ClawHub Skill Packager

v1.5.0

Turn rough, partial, or broken ClawHub/OpenClaw skill material into one publish-ready skill bundle plus one separate plain-text review file using an inferenc...

0· 83·0 current·0 all-time
byChristopher L Haynes@neomagnetar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name and description match the runtime instructions: it inspects skill material, infers/fills missing metadata, repairs, and produces a publish-ready bundle plus a separate plain-text review. It does not request unrelated binaries, env vars, or external services.
Instruction Scope
SKILL.md instructs the agent to inspect provided files, infer missing metadata, and produce outputs; it does not tell the agent to read system paths, environment variables, or contact external endpoints. The inference-first stance could cause the agent to include or generate content on behalf of the user, so users should avoid handing over files that contain secrets or unrelated private data.
Install Mechanism
Instruction-only skill with no install spec or code files — nothing is written to disk by an installer and no remote downloads are specified.
Credentials
No environment variables, credentials, or config paths are required. The declared requirements match the stated purpose.
Persistence & Privilege
The skill is explicit-invocation only (disable-model-invocation: true) and not marked always:true. It does not request persistent privileges or modifications to other skills or global settings.
Assessment
This packager appears coherent and limited to the files you provide. Before invoking it: (1) do not hand over files that contain secrets, private keys, or unrelated sensitive data (the skill will inspect included files and may include inferred content in the package); (2) review the produced publish bundle and the separate review .txt carefully to ensure no private files were packaged or mistaken inferences were made; (3) if you want the tool to be conservative, explicitly instruct it to avoid inferring missing security-sensitive fields and to ask you instead. Because the skill is explicit-invocation only, it cannot act autonomously — you must call it to run.

Like a lobster shell, security has layers — review code before you run it.

auditvk9792qeg8pmxr1aa2j4dx7a7xs84b87tclawhubvk9792qeg8pmxr1aa2j4dx7a7xs84b87tlatestvk9792qeg8pmxr1aa2j4dx7a7xs84b87topenclawvk9792qeg8pmxr1aa2j4dx7a7xs84b87tpackagingvk9792qeg8pmxr1aa2j4dx7a7xs84b87treviewvk9792qeg8pmxr1aa2j4dx7a7xs84b87tskillsvk9792qeg8pmxr1aa2j4dx7a7xs84b87t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📦 Clawdis

Comments