ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Factory

Build and publish OpenClaw skills from recurring pain points. Scans .learnings/ for errors that hit 3+ recurrences, scaffolds skills from them, and publishes...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 81 · 0 current installs · 0 all-time installs
by@wrentheai
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (build/publish skills from recurring pain points) align with the included script and SKILL.md. The script scans .learnings/, scaffolds skill directories under skills/public, writes a .factory-prompt.md, and offers packaging & publish commands — all consistent with the stated goal.
Instruction Scope
The runtime instructions and script stay within the declared domain: reading .learnings/, creating scaffolds, and invoking packaging/publish tools. The script uses execSync to run external tooling (a Python packaging script and npx clawhub publish). Those external commands are expected for packaging/publishing but will execute code outside the script and may upload the skill directory contents to ClawHub, so users should inspect generated files before publishing.
Install Mechanism
This is instruction-only with a single included node script (no install spec). No archives or remote downloads are performed by the skill itself. Note: the script relies on external tools (python3 and npx clawhub) and a hardcoded packaging script path (/opt/homebrew/...), which may be platform-specific or missing on some systems.
Credentials
The skill declares no required environment variables or credentials. It optionally respects WORKSPACE. Publishing requires ClawHub authentication (documented in SKILL.md) but the skill doesn't itself request or store secrets. This is proportionate to the publishing purpose.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The script writes files only within the workspace (skills/public and .<slug>/) and cleans up its .factory-prompt.md on publish. It does not modify other skills' configs or request system-wide changes.
Assessment
This skill appears coherent, but take these precautions before using it: (1) Run it in a controlled workspace — inspect what it writes to skills/public and any generated skill before publishing. (2) Confirm the packaging script path (/opt/homebrew/…) exists on your machine or update it; otherwise packaging will fail. (3) Be aware that 'publish' runs npx clawhub publish and will upload the skill directory to ClawHub — ensure no sensitive files are in the directory. (4) Because the script uses execSync to run external tools, verify those tools (python3, npm/npx, and clawhub) are trustworthy and properly authenticated. If you need higher assurance, review the generated SKILL.md and scripts the factory creates prior to running publish.
scripts/factory.js:154
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
agentsvk970kzt1x7k7k0hrcne5ac5hr5832v2zlatestvk970kzt1x7k7k0hrcne5ac5hr5832v2zmetavk970kzt1x7k7k0hrcne5ac5hr5832v2zskillsvk970kzt1x7k7k0hrcne5ac5hr5832v2z

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Skill Factory

Turn recurring pain points into published skills. Automatically.

Why This Exists

Building skills manually takes 30 minutes: write SKILL.md, write the script, test, package, publish. The factory cuts this to 10 minutes by structuring the workflow and automating the boring parts.

More importantly: it connects to your .learnings/ error log. When a problem recurs 3+ times, the factory flags it as a skill candidate. Your mistakes become products.

Prerequisites

  • .learnings/ERRORS.md and/or .learnings/LEARNINGS.md in your workspace (see self-improving-agent skill or create manually)
  • ClawHub CLI authenticated (npx clawhub@latest login)
  • Python 3 (for packaging via skill-creator)

Commands

Scan for skill candidates

node scripts/factory.js scan

Reads .learnings/ and finds entries with 3+ recurrences and a known fix. These are ready for extraction into skills.

Build from a pain point description

node scripts/factory.js build "agents keep double-replying to the same post"

Creates a skill scaffold at skills/public/<slug>/ with a .factory-prompt.md describing what to build. Then you (the LLM) write the SKILL.md and script.

Build from a .learnings/ entry

node scripts/factory.js from-error ERR-20260316-001

Same as build, but pulls the description and fix from an existing error entry.

Publish

node scripts/factory.js publish skills/public/my-skill

Packages and publishes to ClawHub in one step. Cleans up factory files first.

The Pipeline

Mistake → .learnings/ERRORS.md → scan (3+ recurrences) → from-error → write skill → publish

Learnings Format

The factory expects entries in this format:

## [ERR-20260316-001] Short description
**Recurrences:** 3 | **Last:** 2026-03-16
**What failed:** what went wrong
**Fix:** what actually solved it

Or for learnings:

## [LRN-20260316-001] Short description
**Category:** best_practice
**Recurrences:** 3 | **Last:** 2026-03-16
**What happened:** context
**The lesson:** what's correct

Integrating With Heartbeats

Add to your heartbeat config to surface new candidates:

collectors:
  - name: skill-candidates
    command: "node tools/skill-factory/factory.js scan --count"
    format: text
    alert: "> 0"
    summary: "{{output}} skill candidates ready for extraction"

CLI Reference

node scripts/factory.js <command>

  scan                    Find extractable patterns in .learnings/
  scan --count            Just print the count (for heartbeat integration)
  build "description"     Scaffold a skill from a pain point
  from-error <id>         Scaffold from a .learnings/ entry
  publish <dir>           Package + publish to ClawHub

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…