📦 Ai — AI
v1.0.0Skill Creator 1.1.0 AI公司 Skill 创作工作流(CTO MLOps + CISO 安全标准版)。用于从零新建 Skill,含初始化目录结构、编写 SKILL.md、引用文件、脚本资源、安全审查、质量门禁。 触发关键词:创建技能、新建 Skill、开发 Skill、创建 skill、新建技能包。 整合 CTO MLOps…
0· 15·0 当前·0 累计
by 下载技能包
最后更新
2026/4/19
安全扫描
OpenClaw
可疑
medium confidence该技能的用途(一个 Skill-creation workflow)与其说明和文档大体一致,但存在内部不一致及缺失/矛盾的需求,安装或依赖前需谨慎。
评估建议
This package is a Skill-authoring workflow and is not outright malicious, but it contains internal contradictions and references to scripts that are not included. Before installing or running it: 1) Verify the platform provides the referenced init_skill.py and scripts (do not fetch or run scripts from unknown URLs). 2) Confirm the agent will run in an isolated session and that L3 permission limits are actually enforced. 3) Inspect any scripts (if added later) for network calls, credential access...详细分析 ▾
✓ 用途与能力
Name and description match the delivered artifacts: a Skill-creation workflow with reference docs, templates, and a SKILL.md describing tasks (create, security-review, package, publish). The package does not request unrelated credentials or binaries, which is coherent for an authoring workflow.
⚠ 指令范围
SKILL.md instructs the agent to run an init_skill.py script and use isolated sessions, enforce path checks and CISO authorization. However, the distributed package contains no scripts (scripts/ is referenced but not present) yet the workflow '强制使用 init_skill.py' is presented as mandatory. Several internal rules contradict other parts of the doc (e.g., G0 says root should contain only SKILL.md while the workflow and examples require a references/ directory; G6 enforces SKILL.md <500 lines but the provided SKILL.md and references are large). These inconsistencies could cause agents to attempt to run or fetch code not included in the package or to mis-handle file placements.
✓ 安装机制
No install specification or packaged binaries — instruction-only skill. Low-risk from an install perspective because nothing in this package is written to disk or fetched by an install step. The publish guide suggests installing an external 'clawhub' CLI via npm for publishing, which is a normal optional step but external to this package.
ℹ 凭证需求
The skill declares no required env vars, credentials, or config paths (proportional). It references use of ClawHub and optional CLAWHUB_REGISTRY environment var for custom registry publishing — expected and reasonable. No requests for AWS/SSH/browser creds are present. Still, the SKILL.md prescribes access levels (L3: read workspace, write skills/) for the agent; confirm your agent/host enforces those limits before running.
✓ 持久化与权限
always:false and user-invocable true (normal). The skill does not request permanent presence or elevated privileges. The architecture expects isolated sessions for inter-agent calls; that is appropriate for a creator workflow.
安全有层次,运行前请审查代码。
运行时依赖
🖥️ OSLinux · macOS · Windows
版本
latestv1.0.02026/4/19
ai-skill-creator v1.1.0 引入安全、标准化的 AI Skill 开发流程,融合 CTO MLOps 生命周期与 CISO 安全检查。 - 新增正式 Agent API,用于 skill 创建、评审、打包与发布,含严格输入/输出 schema 及安全校验。 - 各阶段内置详细安全约束(如防路径遍历、关键 skill 强制 CISO 双授权)。 - 明确定义任务类型(`create`、`design-review`、`security-review`、`quality-gate`、`package`、`publish`)及校验/错误码,支持稳健自动化。 - 强制六阶段 MLOps 生命周期、完整 STRIDE+CVSS 安全评审,默认最小权限与隔离执行。 - 提供严格的目录与文档规范,确保可审计并符合发布标准。
● 无害
安装命令
点击复制官方npx clawhub@latest install ai-skill-creator-1-1-0
镜像加速npx clawhub@latest install ai-skill-creator-1-1-0 --registry https://cn.longxiaskill.com