Security scan
OpenClaw
Safe
High confidence
This is a scaffolding CLI for creating OpenClaw skill projects; its code, runtime instructions, and requirements are consistent with that purpose and do not request unexpected credentials or network installs.
Assessment recommendations
This appears to be a straightforward, local scaffolding tool. Before using it: (1) review the small source files if you want to confirm behavior (they are included and readable), (2) be cautious with the CLI --force flag since the generator will recursively delete the target directory if present, (3) review any generated CI workflow (.github/workflows/security-scan.yml) before enabling it in your repository — it runs 'npx clawshield' which will install/run that tool in CI, and (4) treat the gene...
✓ Purpose and capabilities
Name/description (skill scaffolder) match the included CLI and library code. The only required runtime is node, which is appropriate for a Node.js generator.
✓ Instruction scope
SKILL.md and the CLI instruct the agent/user to run the local generator and reference only local paths in the generated project. The generator writes files to the specified output directory and does not attempt to read or exfiltrate unrelated system files or environment variables.
✓ Install mechanism
No install spec is present (instruction-only at registry level). The package includes small, readable JS source files that write local templates; there are no downloads from remote URLs or extracted archives during generation.
✓ Credential requirements
The skill declares no required environment variables. The generator writes a .env.example containing OPENCLAW_API_KEY as a placeholder (reasonable for a project template) but does not require or read secrets itself.
✓ Persistence and privileges
always is false and model invocation is normal. The generator only creates files under the user-specified output path; it will remove the target directory when run with --force (expected behavior for a CLI scaffolder). It does not modify other skills or global agent settings.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest · v1.0.0 · 2026/3/27
Initial release. Scaffolding tool for OpenClaw skills with starter docs, tests, fixtures, and optional security workflow templates.
● Harmless
Install command
Official: npx clawhub@latest install skillsmith
Mirror (accelerated): npx clawhub@latest install skillsmith --registry https://cn.longxiaskill.com
Skill documentation
Generate a reviewable starting point for a new OpenClaw skill.
When to use
- You want a repeatable folder layout instead of assembling a skill by hand.
- You need a starter SKILL.md, smoke test, fixtures, and optional CI workflow.
- You want a stricter template with Safe Install policy scaffolding.
Command
node {baseDir}/bin/create-openclaw-skill.js my-skill
node {baseDir}/bin/create-openclaw-skill.js my-skill --no-prompts --out ./skills
node {baseDir}/bin/create-openclaw-skill.js my-skill --template strict-security --ci
node {baseDir}/bin/create-openclaw-skill.js my-skill --force
Templates
| Template | Focus |
|---|---|
| standard | baseline docs, fixtures, and tests |
| strict-security | adds policy scaffolding, security docs, and ClawShield CI |
Generated files
- SKILL.md: skill instructions with OpenClaw-compatible frontmatter
- package.json: project manifest
- docs/: architecture and security notes
- scripts/: local script directory
- tests/: smoke test stub
- .env.example: environment variable template
- CHANGELOG.md: release notes starter
- scripts/profile-target.js: profiling helper
- fixtures/: sample input data
- .github/workflows/security-scan.yml: optional CI workflow
Interactive prompts
| Option | Prompt | Default |
|---|---|---|
| name | skill name | CLI argument |
| description | skill description | {name} skill generated by Skill Starter |
| category | skill category | AI Skills |
| ci | include CI workflow | y/N |
strict-security extras
- .openclaw-tools/safe-install.policy.json: Safe Install policy scaffold
- docs/security.md: security integration guide
- .github/workflows/security-scan.yml: ClawShield scan workflow
Boundaries
- The scaffold is intentionally lightweight. You still need to replace placeholders and add real business logic.
- Generated SKILL.md files are now aligned to OpenClaw-style frontmatter and use {baseDir} for local command examples.