Command Skill Creator
v0.1.0Create automation command skills (slash commands) for Claude Code projects. Use when building `/slash-commands` that automate multi-step workflows - deploys,...
⭐ 0· 27·0 current·0 all-time
byMisha Kolesnik@tenequm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (create command/slash-command skills) match the instructions and examples. All suggested operations — reading project files, discovering code paths, writing SKILL.md into .claude/skills/, and designing approval gates — are exactly what a command-skill creator should need. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md explicitly instructs agents to read project files (including cross-repo paths like ~/pj/...), discover files via grep/glob, and save SKILL.md into target project directories. That is coherent for this purpose but grants broad discretion to read and modify repository files and to spawn shell-based steps (git, docker, kubectl, etc.) in generated commands. The guidance to 'trust Claude to understand natural language' is deliberately permissive and may produce commands that are over-broad unless the user requires explicit restrictions.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to write or execute at install time, which is the lowest-risk model for a meta-skill of this type.
Credentials
The skill does not request environment variables, credentials, or config paths. Examples mention interacting with local repo state and common developer tools (git, docker, kubectl) — appropriate for creating command skills. There are no disproportionate secret requests.
Persistence & Privilege
The skill is not always-enabled and does not claim elevated platform privileges. It explicitly instructs authors to write SKILL.md files into project directories, which is expected behavior but means generated skills could later be run with side effects. The SKILL.md recommends setting disable-model-invocation: true for produced command skills, which is a safer default.
Assessment
This is a coherent authoring helper for building side-effecting command SKILL.md files. Before installing or using it: (1) Understand it encourages generation of commands that read and modify repositories and can include shell actions like git, docker, and kubectl — review every generated SKILL.md before saving or running. (2) Prefer the recommended disable-model-invocation: true in produced frontmatter so commands only run when explicitly invoked. (3) Restrict allowed-tools and limit any generated commands that reference home directories or cross-repo paths; require explicit approval gates for irreversible actions. (4) Never provide secrets or global credentials to the skill; vet any generated scripts for hardcoded paths or risky operations. If you want stronger guarantees, ask the skill to produce the SKILL.md only (do not auto-save), and perform a manual audit and test in a safe environment before committing.Like a lobster shell, security has layers — review code before you run it.
latestvk976wnkdevvtqnwp99knm5bdqh844yf9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.