openclaw 网盘下载
OpenClaw

技能详情(站内镜像,无评论)

首页 > 技能库 > Skill Publisher — ClawHub 一键发布器

将本地 skill 目录发布到 clawhub.com 的自动化发布助手。 当用户说"发布这个 skill 到 clawhub"、"把 XX skill 上传到 clawhub"、 "clawhub publish"、"发布到 clawhub" 等时触发。 自动处理:token 验证、CLI bug patch、...

开发与 DevOps

作者:antonia huang @antonia-sz

许可证:MIT-0

MIT-0 ·免费使用、修改和重新分发。无需归因。

版本:v1.0.0

统计:⭐ 0 · 159 · 1 current installs · 1 all-time installs

0

安装量(当前) 1

🛡 VirusTotal :可疑 · OpenClaw :可疑

Package:antonia-sz/clawhub-publish-skill

安全扫描(ClawHub)

  • VirusTotal :可疑
  • OpenClaw :可疑

OpenClaw 评估

The skill's instructions mostly match a

目的

The SKILL.md describes a ClawHub publisher which legitimately needs a clawhub token and a local skill path; however the registry metadata declares no required env vars or binaries. The instructions also rely on external CLI tools (clawhub, knot_skills, qqbot-cron) and propose patching system-installed files — capabilities that are not reflected in the metadata and are broader than a simple publisher helper would normally need.

说明范围

The runtime instructions tell the agent to run shell commands, install a global npm package if missing, search system library paths (/usr/local/lib, /usr/lib) for publish.js, and use sed -i to alter that file to insert acceptLicenseTerms: true. This modifies third‑party/system files outside the user's skill directory and requires elevated privileges in many environments. The doc also instructs using other tools (knot_skills, qqbot-cron) withou…

安装机制

There is no formal install spec (instruction-only), but the SKILL.md runs an inline install flow (npm install -g clawhub) which downloads and installs code from the network. Combined with editing global package files, this is a high-risk install pattern because it writes/executes code system-wide and isn't constrained by the registry metadata.

证书

The registry metadata lists no required environment variables, yet the SKILL.md explicitly requires a clawhub token and various user-supplied parameters. That mismatch is confusing and could lead to unexpected prompts for secrets. Additionally the steps may require root or write access to global npm locations to patch files, which is disproportionate for a simple publisher operation.

持久

The skill is not marked always:true, but its instructions ask to modify system-wide CLI code (publish.js) and to install global npm packages — actions that can have persistent, system-level effects and generally require elevated privileges. This increases blast radius if the instructions are malicious or buggy.

安装(复制给龙虾 AI)

将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。

请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Skill Publisher — ClawHub 一键发布器」。简介:将本地 skill 目录发布到 clawhub.com 的自动化发布助手。 当用户说"发布这个 skill 到 clawhub"、"把 XX skill 上传…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/antonia-sz/clawhub-publish-skill/SKILL.md
(来源:yingzhi8.cn 技能库)

SKILL.md

打开原始 SKILL.md(GitHub raw)

---
name: clawhub-publisher
description: >
  将本地 skill 目录发布到 clawhub.com 的自动化发布助手。
  当用户说"发布这个 skill 到 clawhub"、"把 XX skill 上传到 clawhub"、
  "clawhub publish"、"发布到 clawhub" 等时触发。
  自动处理:token 验证、CLI bug patch、slug 冲突、频率限制重试。
author: antonia-sz
version: 1.0.0
---

# ClawHub Publisher — Skill 自动发布器

把本地 skill 目录一键发布到 clawhub.com,自动处理所有已知坑。

---

## 需要用户提供

| 参数 | 说明 | 示例 |
|------|------|------|
| `skill 目录路径` | 本地 skill 文件夹(必须包含 SKILL.md) | `/root/.openclaw/workspace/skills/SKILL-xxx` |
| `clawhub token` | 格式 `clh_xxx`,clawhub.com → Profile → API Keys 获取 | `clh_7XoVic...` |
| `slug` | URL 名称,全小写+连字符 | `my-skill-name` |
| `displayName` | 展示名称 | `My Skill — 一句话描述` |
| `tags` | 逗号分隔(可选) | `productivity,writing` |

如果缺少任何必填项,**只问缺少的那个**,不要重复已知信息。

---

## 执行流程

### Step 1:环境检查

```bash
# 确认 clawhub CLI 已安装
which clawhub || npm install -g clawhub
clawhub --version

# 确认 skill 目录存在且包含 SKILL.md
ls {skill_dir}/SKILL.md
```

### Step 2:Patch CLI(如需要)

clawhub CLI 存在一个 bug:publish 时 payload 缺少 `acceptLicenseTerms: true`,服务端会返回 400。

检查并修复:

```bash
PUBLISH_JS=$(find /usr/local/lib /usr/lib -name "publish.js" -path "*/clawhub/*" 2>/dev/null | head -1)

# 检查是否已 patch
grep -q "acceptLicenseTerms" "$PUBLISH_JS" && echo "已 patch" || 
  # 在 payload 构建处加入 acceptLicenseTerms: true
  sed -i 's/skillName:/acceptLicenseTerms: true, skillName:/' "$PUBLISH_JS" && echo "patch 完成"
```

> 💡 patch 是幂等的,重复执行无害。

### Step 3:查重(可选但推荐)

```bash
# 用 knot_skills 搜索是否已有同名/同功能 skill
knot_skills search "{slug关键词}"
```

如果发现完全重复的 skill,告知用户,询问是否继续(换 slug 或放弃)。

### Step 4:执行发布

```bash
CLAWHUB_TOKEN={token} 
clawhub publish {skill_dir} 
  --slug {slug} 
  --name "{displayName}" 
  --version {version:-1.0.0} 
  --changelog "{changelog:-Initial release}" 
  --tags "{tags:-latest}"
```

### Step 5:错误处理

遇到以下错误时,按对应方案处理:

**`Error: Path must be a folder`**
→ 检查传入的是目录路径还是文件路径,修正后重试

**`slug already taken` / `409`**
→ 在 slug 后加 `-v2` 或更具体的后缀,询问用户确认后重试

**`rate limit exceeded` / `429`**
→ 使用 qqbot-cron skill 创建定时重试任务:
```
约 65 分钟后执行相同的 publish 命令
任务名:clawhub-publish-retry-{slug}
完成后通知用户
```

**`400 Bad Request`(含 acceptLicenseTerms)**
→ 重新执行 Step 2 的 patch,再重试

**`401 Unauthorized`**
→ token 无效或已过期,请用户在 clawhub.com 重新生成

### Step 6:验证上架

```bash
knot_skills search "{slug}"
```

发布成功后回复:
```
✅ 发布成功:{displayName}
📦 slug:{slug}
🌐 https://clawhub.com/skills/{slug}
安装命令:clawhub install {slug}
```

---

## 快速调用示例

用户说:
> "把 /workspace/skills/SKILL-my-tool 发布到 clawhub,token 是 clh_abc,slug 用 my-tool"

直接执行 Step 1-6,完成后汇报结果,无需逐步确认。