ClawMart Upload Skill
You are helping the user upload their OpenClaw configuration to the ClawMart marketplace. Follow these steps exactly and in order.
Configuration
- - ClawMart API base URL: �INLINECODE0
- Config file: �INLINECODE1
- API endpoint: �INLINECODE2
Step 1: Check API Token
Read ~/.openclaw/clawmart-config.json. If the file does not exist or token is empty:
Tell the user:
You need a ClawMart API Token to upload. Please visit https://clawmart-gray.vercel.app/dashboard/tokens to generate one, then paste it here.
Once the user provides a token (format: cm_ followed by hex characters), save it:
CODEBLOCK0
Write this to ~/.openclaw/clawmart-config.json.
Step 2: Scan Workspace Files
Scan ~/.openclaw/workspace/ for OpenClaw configuration files. Do not scan the current working directory — the workspace is the canonical location for all OpenClaw configs. OpenClaw supports two naming conventions — match either format:
| Default format (no prefix) | Prefixed format | Type |
|---|
| INLINECODE8 | INLINECODE9 | SOUL |
| INLINECODE10 |
*.agents.md | AGENTS |
|
BOOT.md |
*.boot.md | BOOT |
|
HEARTBEAT.md |
*.heartbeat.md | HEARTBEAT |
|
MEMORY.md |
memory_*.json or
memory-*.json | MEMORY |
|
IDENTITY.md | — | IDENTITY |
|
TOOLS.md | — | TOOLS |
|
USER.md | — | USER |
|
BOOTSTRAP.md | — | BOOTSTRAP |
|
skills/*.skill.md or
skills/*/SKILL.md | — | LOCAL SKILLS |
Exclude any skill whose slug starts with clawmart- — these are ClawMart utility skills and should never be packaged or referenced in a user pack.
If both a default-format and a prefixed-format file exist for the same type (e.g., SOUL.md AND claude.soul.md), include both and note the duplication to the user.
Skill Classification
Read ~/.openclaw/workspace/.clawhub/lock.json. This file is the authoritative record of all skills installed from clawhub.
For each skill subfolder in ~/.openclaw/workspace/skills/:
- - Slug is in
lock.json → installed from clawhub. Read slug and version from lock.json. Record as metadata only — file contents are not included in the zip. - Slug is NOT in
lock.json → user-authored locally (never installed from clawhub). Include the full SKILL.md content in the zip under skills/.
Do not use _meta.json presence to classify skills — it is unreliable. Do not scan any other directories.
Show the user a summary:
CODEBLOCK1
If lock.json does not exist, treat all skills as clawhub skills and note this to the user.
Wait for user confirmation before proceeding.
Step 3: Sensitive Information Check
Before packaging, scan the content of all non-SKILLS files for sensitive patterns:
- - Strings matching
(sk-|cm_|ghp_|ghs_|ghu_)[A-Za-z0-9]{20,} (API keys/tokens) - Strings matching
(password|passwd|secret|api_key)\s*[:=]\s*\S+ (credentials) - Any string longer than 20 chars after
Bearer or �INLINECODE40
If any sensitive pattern is found, tell the user exactly which file and line, and ask:
Sensitive information detected in {filename} at line {line}: {masked_value}. It is recommended to remove it before uploading. Continue anyway? (y/n)
Only proceed if user says yes.
Step 4: Collect Pack Metadata
Ask the user for:
- 1. Title: What is the name of this Pack? (e.g., Deep Research Analyst)
- Description: Brief description of the Pack's purpose and features (optional)
- Version: Version number? (default:
1.0.0)
Check ClawMart if the user already has a pack with the same title:
�CODEBLOCK2
If a matching pack already exists, ask:
A pack named "{title}" already exists. Upload as new version {new_version}? (y/n)
If yes, note this for the upload.
Step 5: Build Upload Payload
Construct the files array for the JSON payload:
- 1. For each non-skill OpenClaw file confirmed in Step 2, add:
{ "name": "<filename>", "content": "<full file text>" }
Use just the filename (no path prefix) — e.g.,
"SOUL.md",
"AGENTS.md",
"memory_projects.json".
- 2. For each local skill (user-authored, no
_meta.json) confirmed in Step 2, add:
{ "name": "skills/<filename>", "content": "<full SKILL.md text>" }
Preserve the
skills/ prefix so the server can classify them correctly.
- 3. If there are any external (clawhub) skills, add a
skills-manifest.json entry:
{
"name": "skills-manifest.json",
"content": "{\"clawhub_skills\": [{\"slug\": \"...\", \"version\": \"...\", \"ownerId\": \"...\"}]}"
}
Only include this entry if there is at least one external skill.
Step 6: Upload to ClawMart
Send the upload request:
CODEBLOCK6
On success (HTTP 201), tell the user:
Pack "{title}" has been submitted for review. It is typically approved within 24 hours.
View status: {base_url}/dashboard/packs
On error, show the error message and stop.
Notes
- - Local skill file contents are included directly in the JSON payload under the
skills/ prefix - External skills are recorded in
skills-manifest.json — slug, version, and ownerId only, no file content - The token is stored locally and reused on future uploads
- If the token is rejected (401), ask the user to generate a new one at �INLINECODE52
技能名称: clawmart-upload
详细描述:
ClawMart 上传技能
你正在帮助用户将其 OpenClaw 配置上传到 ClawMart 市场。请严格按照以下步骤并按顺序执行。
配置
- - ClawMart API 基础 URL: https://clawmart-gray.vercel.app
- 配置文件: ~/.openclaw/clawmart-config.json
- API 端点: POST {base_url}/api/packs
步骤 1: 检查 API 令牌
读取 ~/.openclaw/clawmart-config.json。如果文件不存在或 token 为空:
告知用户:
你需要一个 ClawMart API 令牌才能上传。请访问 https://clawmart-gray.vercel.app/dashboard/tokens 生成一个令牌,然后粘贴到这里。
一旦用户提供令牌(格式:cm_ 后跟十六进制字符),保存它:
json
{
token: <用户提供的令牌>,
base_url: https://clawmart-gray.vercel.app
}
将此写入 ~/.openclaw/clawmart-config.json。
步骤 2: 扫描工作区文件
扫描 ~/.openclaw/workspace/ 中的 OpenClaw 配置文件。不要扫描当前工作目录——工作区是所有 OpenClaw 配置的标准位置。OpenClaw 支持两种命名约定——匹配任一格式:
| 默认格式(无前缀) | 带前缀格式 | 类型 |
|---|
| SOUL.md | .soul.md | SOUL |
| AGENTS.md |
.agents.md | AGENTS |
| BOOT.md | *.boot.md | BOOT |
| HEARTBEAT.md | *.heartbeat.md | HEARTBEAT |
| MEMORY.md | memory_
.json 或 memory-.json | MEMORY |
| IDENTITY.md | — | IDENTITY |
| TOOLS.md | — | TOOLS |
| USER.md | — | USER |
| BOOTSTRAP.md | — | BOOTSTRAP |
| skills/
.skill.md 或 skills//SKILL.md | — | 本地技能 |
排除任何 slug 以 clawmart- 开头的技能——这些是 ClawMart 实用技能,绝不应打包或引用在用户包中。
如果同一类型同时存在默认格式和带前缀格式的文件(例如 SOUL.md 和 claude.soul.md),则两者都包含,并向用户说明重复情况。
技能分类
读取 ~/.openclaw/workspace/.clawhub/lock.json。此文件是从 clawhub 安装的所有技能的权威记录。
对于 ~/.openclaw/workspace/skills/ 中的每个技能子文件夹:
- - slug 在 lock.json 中 → 从 clawhub 安装。从 lock.json 中读取 slug 和版本。仅记录为元数据——文件内容不包含在 zip 中。
- slug 不在 lock.json 中 → 用户本地创作(从未从 clawhub 安装)。在 zip 中的 skills/ 下包含完整的 SKILL.md 内容。
不要使用 _meta.json 的存在来分类技能——它不可靠。不要扫描任何其他目录。
向用户显示摘要:
找到以下 OpenClaw 配置文件:
SOUL: SOUL.md
AGENTS: AGENTS.md
IDENTITY: IDENTITY.md
HEARTBEAT: HEARTBEAT.md
MEMORY: MEMORY.md
TOOLS: TOOLS.md
USER: USER.md
CLAWHUB 技能(通过 clawhub 安装,仅元数据):
- <技能-slug-1> (v1.0.0)
- <技能-slug-2> (v2.1.0)
本地技能(不在 clawhub 中,包含完整内容):
- <我的自定义技能>
全部包含?还是排除特定文件?(全部 / 输入要排除的文件名)
如果 lock.json 不存在,将所有技能视为 clawhub 技能,并向用户说明。
等待用户确认后再继续。
步骤 3: 敏感信息检查
在打包之前,扫描所有非 SKILLS 文件的内容,查找敏感模式:
- - 匹配 (sk-|cm|ghp|ghs|ghu)[A-Za-z0-9]{20,} 的字符串(API 密钥/令牌)
- 匹配 (password|passwd|secret|api_key)\s[:=]\s\S+ 的字符串(凭据)
- Bearer 或 Token 后任何长度超过 20 个字符的字符串
如果发现任何敏感模式,准确告知用户文件名和行号,并询问:
在 {filename} 的第 {line} 行检测到敏感信息:{masked_value}。建议在上传前将其移除。是否继续?(y/n)
仅在用户回答是时才继续。
步骤 4: 收集包元数据
向用户询问:
- 1. 标题:这个包的名称是什么?(例如,深度研究分析师)
- 描述:包的用途和功能的简要描述(可选)
- 版本:版本号?(默认:1.0.0)
检查 ClawMart 用户是否已有同名的包:
GET {base_url}/api/packs/search?q={标题}
Authorization: Bearer {令牌}
如果已存在匹配的包,询问:
名为 {标题} 的包已存在。是否作为新版本 {新版本号} 上传?(y/n)
如果是,在上传时记录此信息。
步骤 5: 构建上传负载
为 JSON 负载构建 files 数组:
- 1. 对于步骤 2 中确认的每个非技能 OpenClaw 文件,添加:
json
{ name: <文件名>, content: <完整文件文本> }
仅使用文件名(无路径前缀)——例如 SOUL.md、AGENTS.md、memory_projects.json。
- 2. 对于步骤 2 中确认的每个本地技能(用户创作,无 _meta.json),添加:
json
{ name: skills/<文件名>, content: <完整 SKILL.md 文本> }
保留 skills/ 前缀,以便服务器正确分类它们。
- 3. 如果有任何外部(clawhub)技能,添加一个 skills-manifest.json 条目:
json
{
name: skills-manifest.json,
content: {\clawhub_skills\: [{\slug\: \...\, \version\: \...\, \ownerId\: \...\}]}
}
仅当至少有一个外部技能时才包含此条目。
步骤 6: 上传到 ClawMart
发送上传请求:
POST {base_url}/api/packs
Authorization: Bearer {令牌}
Content-Type: application/json
{
title: <用户提供的标题>,
description: <用户提供的描述>,
version: <版本>,
files: [ ...步骤 5 中的文件数组... ]
}
成功时(HTTP 201),告知用户:
包 {标题} 已提交审核。通常会在 24 小时内获得批准。
查看状态:{base_url}/dashboard/packs
出错时,显示错误信息并停止。
备注
- - 本地技能文件内容直接包含在 JSON 负载中的 skills/ 前缀下
- 外部技能记录在 skills-manifest.json 中——仅包含 slug、版本和 ownerId,不包含文件内容
- 令牌存储在本地,并在将来上传时重复使用
- 如果令牌被拒绝(401),请用户在 {base_url}/dashboard/tokens 生成一个新令牌
