ClawHub

Workflow Skillify

v1.0.0

Use when a successful session or repeatable process should be captured as a reusable skill with steps, arguments, and invocation guidance.

1· 80·0 current·0 all-time
by@wimi321
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description (capture a repeatable session as a reusable skill) align with the instructions: summarize the session, extract inputs/outputs, write a SKILL.md and save it. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
The runtime instructions explicitly reference reading the session history and user corrections (expected for this purpose) and direct the agent to save the resulting SKILL.md in a repo-level or personal location. There is no explicit step to scrub or redact secrets/PII from the session before saving — that is a potential privacy/data-leak risk the user should be aware of.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk by an installer. Low installation risk.
Credentials
The skill declares no environment variables, credentials, or config paths. It legitimately needs access to the session history and user corrections; no unrelated secrets are requested.
Persistence & Privilege
always is false and model invocation is allowed (platform default). The instructions ask the agent to save files to a repo/personal location, which is coherent but increases persistence risk: the agent could persist sensitive session content unless the user or the skill enforces redaction/review.
Assessment
This skill is coherent for turning a session into a SKILL.md, but it will read your session history and instruct the agent to save a file — which can capture secrets or personal data. Before using it: (1) avoid running it on sessions that contain passwords, API keys, or sensitive data; (2) require manual review of the generated SKILL.md before saving or committing it to any repository; (3) specify or confirm the save location (personal directory vs. repo) so the agent doesn't persist data to an unintended place; (4) consider adding an explicit redaction step to the workflow (remove secrets/PII) if you plan to save or share generated skills. If you need stronger guarantees, disable autonomous invocation or restrict the agent's ability to write files until you review outputs.

Like a lobster shell, security has layers — review code before you run it.

claude-codevk97bdqyb2pr3249ys5e40ms18d842eqaextractedvk97bdqyb2pr3249ys5e40ms18d842eqalatestvk97bdqyb2pr3249ys5e40ms18d842eqa

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments