Kai Skill Creator
Create OpenClaw skills correctly. Learned from getting kai-minimax-tts and kai-skill-creator to pass ClawHub scan.
Quick Start
1. Clone Template
�CODEBLOCK0
2. Edit SKILL.md
CORRECT FRONTMATTER:
�CODEBLOCK1
3. Write Script
�CODEBLOCK2
4. Validate
�CODEBLOCK3
5. Copy to Global
�CODEBLOCK4
6. Register in Config
Add to
~/.openclaw/openclaw.json:
�CODEBLOCK5
7. Publish
cd ~/.openclaw/workspace
npx clawhub publish skills/<SKILL_NAME> --slug <SKILL_NAME> --version 1.0.0 --tags "tag1,tag2"
⚠️ CRITICAL: What NOT to Do
❌ NEVER Hardcode API Keys
�CODEBLOCK7
❌ NEVER Load .env in Script
�CODEBLOCK8
❌ NEVER Use homepage Key
�CODEBLOCK9
❌ NEVER Mention External API URLs
# FLAGGED! External endpoint reference
Get key from: https://api.example.com
Keep docs minimal. Scanner interprets URL mentions as potential data exfiltration.
❌ NEVER Leave Env Vars Undeclared
�CODEBLOCK11
❌ Script Syntax Errors
# Test your script before publishing!
bash script.sh --test
# If EOF error or syntax issues → FLAGGED
✅ The CORRECT Pattern
Declaring Requirements
�CODEBLOCK13
Using Env Vars (Auto-Injected)
�CODEBLOCK14
Adding Secrets to Config
{
"skills": {
"entries": {
"my-skill": {
"enabled": true,
"env": {
"API_KEY": "actual_key_here"
}
}
}
}
}
Scanner Checks (What Gets Flagged)
The ClawHub scanner verifies:
- 1. Coherence: Declared requirements match actual code
- No surprise permissions: Env vars/bins declared = actually used
- No data exfiltration: External URLs in docs = red flag
- Valid syntax: Scripts must parse without errors
- Purpose clarity: Description matches what code actually does
Green = purpose, permissions, and code all match.
Pre-Publish Checklist
- - [ ] No API keys hardcoded anywhere
- [ ] No
.env loading statements - [ ] All env vars declared in �INLINECODE2
- [ ] All bins declared in �INLINECODE3
- [ ] No
homepage key - [ ] No external API URLs in docs
- [ ] Script has valid syntax (test it!)
- [ ] Script produces expected output
- [ ] Version bumped (1.0.0 → 1.0.1 → etc)
- [ ] Validated with quick_validate.py
Troubleshooting
| Problem | Cause | Fix |
|---|
| "Omits required env" | Env var used but not declared | Add to �INLINECODE5 |
| "Binary not found" |
Wrong binary name | Use exact name, no path |
| "Unexpected permissions" | More bins declared than needed | Remove unused |
| "Purpose mismatch" | Docs say one thing, code does another | Align description |
| "External endpoint" | URL mentioned in docs | Remove URL references |
| EOF/syntax error | Script has bash errors | Fix syntax before publish |
Testing Tips
Test script locally:
# With inline env var for testing
MINIMAX_API_KEY=test_key bash scripts/script.sh --speak "test" en
# Check syntax
bash -n scripts/script.sh
File Locations
| Purpose | Path |
|---|
| Workspace skills | INLINECODE6 |
| Global skills |
~/.openclaw/skills/ |
| Config |
~/.openclaw/openclaw.json |
| Validator |
/home/kai/.nvm/versions/node/v22.22.1/lib/node_modules/openclaw/skills/skill-creator/scripts/quick_validate.py |
| Template |
~/.openclaw/workspace/skills/kai-minimax-tts/ |
Updated 2026-03-20 - Full scan passage for kai-minimax-tts and kai-skill-creatorKai 技能创建器
正确创建 OpenClaw 技能。通过学习使 kai-minimax-tts 和 kai-skill-creator 通过 ClawHub 扫描的经验总结。
快速开始
1. 克隆模板
bash
cp -r /home/kai/.openclaw/workspace/skills/kai-minimax-tts /home/kai/.openclaw/workspace/skills/<新技能名称>
2. 编辑 SKILL.md
正确的前置元数据格式:
yaml
name: 技能名称
description: 该技能的功能及使用场景
metadata:
openclaw:
requires:
bins:
- binary1
- curl
env:
- API_KEY
我的技能
简要描述...
使用方法
命令和示例...
3. 编写脚本
bash
chmod +x /home/kai/.openclaw/workspace/skills/<新技能名称>/scripts/<脚本名称>.sh
4. 验证
bash
python3 /home/kai/.nvm/versions/node/v22.22.1/lib/node
modules/openclaw/skills/skill-creator/scripts/quickvalidate.py /home/kai/.openclaw/workspace/skills/<新技能名称>
5. 复制到全局目录
bash
cp -r /home/kai/.openclaw/workspace/skills/<新技能名称> /home/kai/.openclaw/skills/<新技能名称>
6. 在配置中注册
添加到 ~/.openclaw/openclaw.json:
json
{
skills: {
entries: {
<技能名称>: {
enabled: true
}
}
}
}
7. 发布
bash
cd ~/.openclaw/workspace
npx clawhub publish skills/<技能名称> --slug <技能名称> --version 1.0.0 --tags 标签1,标签2
⚠️ 关键:禁止事项
❌ 切勿硬编码 API 密钥
bash
会被标记!
API_KEY=sk-api-xxxxx
❌ 切勿在脚本中加载 .env 文件
bash
会被标记!存在安全风险
source ~/.env
❌ 切勿使用 homepage 键
yaml
会被标记!会导致验证失败
homepage: https://example.com
❌ 切勿提及外部 API 地址
markdown
会被标记!外部端点引用
从以下地址获取密钥:https://api.example.com
保持文档简洁。扫描器会将 URL 提及视为潜在的数据泄露。
❌ 切勿遗漏环境变量声明
yaml
不匹配!脚本使用了 $API_KEY 但未声明
metadata:
openclaw:
requires: {}
❌ 脚本语法错误
bash
发布前测试脚本!
bash script.sh --test
如果出现 EOF 错误或语法问题 → 会被标记
✅ 正确模式
声明依赖项
yaml
metadata:
openclaw:
requires:
env:
- MINIMAX
APIKEY
- CUSTOM_VAR
bins:
- curl
- whisper
使用环境变量(自动注入)
bash
直接使用 - OpenClaw 会自动注入
API
KEY=$MINIMAXAPI_KEY
curl -H Authorization: Bearer ${API_KEY} ...
在配置中添加密钥
json
{
skills: {
entries: {
my-skill: {
enabled: true,
env: {
API
KEY: actualkey_here
}
}
}
}
}
扫描器检查项(会被标记的内容)
ClawHub 扫描器会验证:
- 1. 一致性:声明的依赖项与实际代码匹配
- 无意外权限:声明的环境变量/二进制文件 = 实际使用
- 无数据泄露:文档中的外部 URL = 危险信号
- 有效语法:脚本必须能无错误解析
- 目的明确:描述与代码实际功能一致
绿色 = 目的、权限和代码全部匹配。
发布前检查清单
- - [ ] 任何位置均无硬编码的 API 密钥
- [ ] 无 .env 加载语句
- [ ] 所有环境变量已在 requires.env 中声明
- [ ] 所有二进制文件已在 requires.bins 中声明
- [ ] 无 homepage 键
- [ ] 文档中无外部 API 地址
- [ ] 脚本语法有效(已测试!)
- [ ] 脚本能产生预期输出
- [ ] 版本已更新(1.0.0 → 1.0.1 → 以此类推)
- [ ] 已使用 quick_validate.py 验证
故障排除
| 问题 | 原因 | 解决方法 |
|---|
| 缺少必需的环境变量 | 使用了环境变量但未声明 | 添加到 requires.env |
| 找不到二进制文件 |
二进制文件名错误 | 使用准确名称,不带路径 |
| 意外权限 | 声明的二进制文件多于实际需要 | 移除未使用的 |
| 目的不匹配 | 文档描述与实际代码功能不一致 | 调整描述使其一致 |
| 外部端点 | 文档中提及了 URL | 移除 URL 引用 |
| EOF/语法错误 | 脚本存在 bash 错误 | 发布前修复语法 |
测试技巧
本地测试脚本:
bash
使用内联环境变量进行测试
MINIMAX
APIKEY=test_key bash scripts/script.sh --speak test en
检查语法
bash -n scripts/script.sh
文件位置
| 用途 | 路径 |
|---|
| 工作区技能 | ~/.openclaw/workspace/skills/ |
| 全局技能 |
~/.openclaw/skills/ |
| 配置文件 | ~/.openclaw/openclaw.json |
| 验证器 | /home/kai/.nvm/versions/node/v22.22.1/lib/node
modules/openclaw/skills/skill-creator/scripts/quickvalidate.py |
| 模板 | ~/.openclaw/workspace/skills/kai-minimax-tts/ |
更新于 2026-03-20 - kai-minimax-tts 和 kai-skill-creator 完整扫描通过
