ClawHub

skills-best-practices

v0.1.0

Build high-quality Agent Skills for Claude following official Anthropic best practices. Covers SKILL.md structure, frontmatter, description writing, progress...

0· 28·0 current·0 all-time
byMisha Kolesnik@tenequm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name, description, and included files are a coherent authoring/reference pack for skill authors. There are no unexpected credentials, binaries, installs, or claimed capabilities that don't match the skill's stated purpose of documenting how to build skills.
Instruction Scope
The SKILL.md documents features that can execute shell commands at preprocess time (the ``!`command` `` dynamic context injection example) and shows examples that use file-reading tools (Glob, Grep) and substitution variables like ${CLAUDE_SKILL_DIR}. The skill itself is a guide and does not declare or request access to env vars or local files, but it explicitly teaches patterns that — if copied into other skills — allow executing local commands and reading local context. Reviewers should be aware of those capabilities when authoring real skills or accepting skills authored using these patterns.
Install Mechanism
Instruction-only skill with no install spec and no code files to download or run. No installer URLs or package pulls are present.
Credentials
No required environment variables, credentials, or config paths are declared. The document references environment variables and an env override in examples (e.g., SLASH_COMMAND_TOOL_CHAR_BUDGET, CLAUDE_CODE_USE_POWERSHELL_TOOL) purely as configuration notes, which is reasonable for a best-practices guide.
Persistence & Privilege
Skill is not marked always:true and uses default invocation settings. It does not request persistent system presence or attempt to modify other skills' configuration.
Assessment
This is a documentation-only skill for authors and is internally consistent. It's safe as a reference, but be cautious when reusing its examples: the guide documents dynamic context injection (``!`command``) and substitution variables that run shell commands or read files during preprocessing — these behaviors can expose local data or execute commands if included in a real skill. Before installing or enabling authored skills that use those patterns, review the SKILL.md for any ``!`command`` lines, shell commands, or references to local paths/credentials, and test such skills in a restricted environment. If you want to avoid any risk, keep this skill as read-only documentation and do not copy examples that run commands into skills you enable for autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

latestvk9764bz789r4rq9ma2vrm7c755845qx0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments