# Skill Publisher
Prepare a skill for public release. Run through this checklist before publishing any skill to ensure it's reusable, clean, safe, and well-documented.
## When to Use
- Before pushing a skill to a public repo
- Before submitting to ClawdHub
- When reviewing someone else's skill
- Periodic audits of existing published skills
## Quick Checklist
Run through these in order. Each section has detailed guidance below.
CODEBLOCK0
## 1. Structure Validation
### Required Files
CODEBLOCK1
### SKILL.md Format
Must include:
- Header: Name and one-line description
- When to Use: Clear triggers for loading this skill
- Quick Reference: Most important info at a glance
- Detailed sections: As needed
CODEBLOCK2
### File Organization
- Group related content logically
- Use clear, descriptive filenames
- Keep files focused (single responsibility)
- Consider load order (what gets read first?)
### Anti-patterns
❌ Single massive file with everything
❌ Cryptic filenames (`data1.md`, `stuff.md`)
❌ Circular dependencies between files
❌ Missing SKILL.md entry point
## 2. Security Audit
### Secrets Scan
Search for and REMOVE:
CODEBLOCK3
### Personal Data Scan
Search for and REMOVE:
CODEBLOCK4
### Sensitive Content Check
- [ ] No internal company information
- [ ] No private URLs or endpoints
- [ ] No employee names (unless public figures)
- [ ] No financial data
- [ ] No credentials of any kind
- [ ] No session tokens or cookies
### Example Data
If examples need realistic data, use:
- `user@example.com` for emails
- `192.0.2.x` for IPs (RFC 5737 documentation range)
- `example.com` for domains
- Clearly fake names ("Alice", "Bob", "Acme Corp")
## 3. Portability Check
### Path Hardcoding
Search and fix:
CODEBLOCK5
Replace with:
- Relative paths (`./config.yaml`)
- Environment variables (`$HOME`, `$XDG_CONFIG_HOME`)
- Platform-agnostic descriptions
### Environment Assumptions
- [ ] No hardcoded usernames
- [ ] No machine-specific paths
- [ ] No assumed installed software (or document requirements)
- [ ] No assumed environment variables (or document them)
- [ ] No OS-specific commands without alternatives
### Dependency Documentation
If the skill requires external tools:
```markdown
## Requirements
- `tool-name` - [installation link]
- Environment variable `API_KEY` must be set
```
## 4. Code Quality
### Debug Artifacts
Remove:
CODEBLOCK7
### Formatting
- [ ] Consistent markdown style
- [ ] Code blocks have language tags (`python`, `bash`)
- [ ] Tables render correctly
- [ ] Links work (no broken references)
- [ ] No trailing whitespace
- [ ] Consistent heading hierarchy
### Content Quality
- [ ] No filler text (e.g., Lorem-ipsum, incomplete markers)
- [ ] No commented-out sections
- [ ] No duplicate content
- [ ] No outdated information
- [ ] Examples are complete and runnable
---
## 5. Documentation
### README.md Checklist
CODEBLOCK8
### SKILL.md Checklist
- [ ] Clear "When to Use" section with specific triggers
- [ ] Quick reference for most common needs
- [ ] Logical organization of detailed content
- [ ] Cross-references to other files if multi-file
### Examples
- [ ] At least one complete, working example
- [ ] Examples use safe/fake data
- [ ] Examples are tested and verified
---
## 6. Testing
### Functional Testing
1. **Fresh load test**: Load skill in new session, verify it makes sense
2. **Trigger test**: Verify "When to Use" conditions actually match use cases
3. **Example test**: Run through all examples manually
4. **Edge case test**: What happens with unusual inputs?
### Integration Testing
If skill involves tools/commands:
CODEBLOCK9
### Cross-Reference Testing
- [ ] All internal links work
- [ ] All external links are valid
- [ ] File references are correct
### Verification Script (optional but recommended)
Create test.sh or document manual test steps:
CODEBLOCK10
---
## 7. Git Hygiene
### Before First Commit
Create .gitignore:
CODEBLOCK11
### Commit History
- [ ] No secrets ever committed (check full history!)
- [ ] Clean, atomic commits
- [ ] Meaningful commit messages
CODEBLOCK12
If secrets were ever committed:
CODEBLOCK13
### Commit Message Format
CODEBLOCK14
### Pre-Push Checklist
CODEBLOCK15
---
## 8. Metadata
### Repository Settings
- [ ] Description filled in
- [ ] Topics/tags added (e.g., claw, skill, ai-assistant)
- [ ] License file present
### Recommended License
For open skills, MIT is simple and permissive:
CODEBLOCK16
### ClawdHub Metadata (if publishing there)
In SKILL.md frontmatter:
CODEBLOCK17
---
## Automated Audit Script
Run this before every publish:
CODEBLOCK18
---
## Publishing Flow
CODEBLOCK19
## README Quality
A good README is discoverable and human-readable. See `docs/readme-quality.md` for detailed guidance.
### Quick Checks
- First line explains what it does (not "Welcome to...")
- No AI buzzwords (comprehensive, seamless, leverage, cutting-edge)
- Specific use cases, not vague claims
- Sounds like a person, not a press release
- No excessive emoji decoration in headers
### SEO Tips
- Use phrases people actually search for
- Put most important info in first paragraph
- Be specific about features (not "powerful validation" but "checks for API keys")
## Post-Publish
- [ ] Verify GitHub renders correctly
- [ ] Test fresh clone works
- [ ] Add to your AGENTS.md skill list if using locally
- [ ] Announce if relevant (Discord, etc.)
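# Skill Publisher
Prepare a skill for public release. Before publishing any skill, work through this checklist item by item to make sure it is reusable, clean, safe, and well-documented.
## When to Use
- Before pushing a skill to a public repo
- Before submitting to ClawdHub
- When reviewing someone else's skill
- Periodic audits of existing published skills
## Quick Checklist
Run through these in order. Each section has detailed guidance below.
```
[ ] 1. Structure - Required files present, logical organization
[ ] 2. Security - No secrets, tokens, PII, or sensitive data
[ ] 3. Portability - No hardcoded paths, runs on any machine
[ ] 4. Quality - Clean code, no debug artifacts
[ ] 5. Documentation - README, SKILL.md, and examples complete
[ ] 6. Testing - Verified to actually work
[ ] 7. Git - Clean history, correct .gitignore, well-formed commits
[ ] 8. Metadata - License, description, and keywords complete
```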
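## 1. Structure Validation
### Required Files
```
skill-name/
├── SKILL.md          # Required - entry point, when to use, quick reference
├── README.md         # Required - for GitHub/human readers
└── [content files]   # Actual skill content
```
### SKILL.md Format
Must include:
- Header: Name and one-line description
- When to Use: Clear triggers for loading this skill
- Quick Reference: Most important info at a glance
- Detailed sections: As needed
```markdown
# Skill Name
One-line description of what this skill does.
## When to Use
## Quick Reference
[Most important info goes here]
## [Additional Sections]
[Detailed content]
```
### File Organization
- Group related content logically
- Use clear, descriptive filenames
- Keep files focused (single responsibility)
- Consider load order (what gets read first?)
### Anti-patterns
❌ Single massive file with everything
❌ Cryptic filenames (`data1.md`, `stuff.md`)
❌ Circular dependencies between files
❌ Missing SKILL.md entry point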
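## 2. Security Audit
### Secrets Scan
Search for and REMOVE:
```bash
# Run in the skill directory
grep -rniE '(api[_-]?key|secret|password|token|bearer|auth)' . --include='*.md'
grep -rniE '([a-zA-Z0-9]{32,})' . --include='*.md'  # Long strings that may be keys
grep -rniE '(sk-|pk-|xai-|ghp_|gho_)' . --include='*.md'  # Common key prefixes
```
### Personal Data Scan
Search for and REMOVE:
```bash
grep -rniE '(@gmail|@yahoo|@hotmail|@proton)' . --include='*.md'
grep -rniE '\+?[0-9]{10,}' . --include='*.md'  # Phone numbers
grep -rniE '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' . --include='*.md'  # IP addresses
```
### Sensitive Content Check
- [ ] No internal company information
- [ ] No private URLs or endpoints
- [ ] No employee names (unless public figures)
- [ ] No financial data
- [ ] No credentials of any kind
- [ ] No session tokens or cookies
### Example Data
If examples need realistic data, use:
- `user@example.com` for emails
- `192.0.2.x` for IPs (RFC 5737 documentation range)
- `example.com` for domains
- Clearly fake names ("Zhang San", "Li Si", "Example Corp")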
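The IP grep above flags every address it finds, including the documentation-safe placeholders recommended under Example Data, so a skill that already follows that advice still produces hits. The following is an added example, not part of the original skill: a hypothetical `find_real_pii` function that reports only values outside the reserved ranges. It generalizes the page's scan by using a generic e-mail pattern and by covering all three RFC 5737 ranges and the RFC 2606 `example.*` domains.

```bash
#!/bin/sh
# Added example (hypothetical helper, not part of the original skill).
# find_real_pii DIR: print "file:line:value" for each IPv4 or e-mail address in
# DIR's *.md files that is not a reserved documentation value.
# Returns 1 when something is reported, so it can gate a publish script.

IP_RE='[0-9]{1,3}(\.[0-9]{1,3}){3}'
MAIL_RE='[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}'
# RFC 5737 documentation ranges: 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24
DOC_IP_RE=':(192\.0\.2|198\.51\.100|203\.0\.113)\.[0-9]{1,3}$'
# RFC 2606 reserved domains example.com/.net/.org and their subdomains
DOC_MAIL_RE='@([A-Za-z0-9-]+\.)*example\.(com|net|org)$'

find_real_pii() {
  dir=${1:-.}
  # -o prints each match on its own line, so every value is judged separately
  # even when a safe and an unsafe value share one line of the file.
  hits=$(grep -rnoE --include='*.md' -e "$IP_RE" -e "$MAIL_RE" "$dir" |
         grep -vE "$DOC_IP_RE" | grep -vE "$DOC_MAIL_RE" || true)
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}
```

Version strings such as `1.2.3.4` still match the IP pattern, as they do with the page's own grep, so review hits before deleting anything.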
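## 3. Portability Check
### Path Hardcoding
Search and fix:
```bash
grep -rniE '(/home/|/Users/|C:\\|~/)' . --include='*.md'
grep -rniE '/[a-z]+/[a-z]+/' . --include='*.md'  # Absolute paths
```
Replace with:
- Relative paths (`./config.yaml`)
- Environment variables (`$HOME`, `$XDG_CONFIG_HOME`)
- Platform-agnostic descriptions
### Environment Assumptions
- [ ] No hardcoded usernames
- [ ] No machine-specific paths
- [ ] No assumed installed software (or document requirements)
- [ ] No assumed environment variables (or document them)
- [ ] No OS-specific commands (or provide alternatives)
### Dependency Documentation
If the skill requires external tools:
```markdown
## Requirements
- `tool-name` - [installation link]
- Environment variable `API_KEY` must be set
```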
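## 4. Code Quality
### Debug Artifacts
Remove:
```bash
grep -rniE '(TODO|FIXME|XXX|HACK|DEBUG)' . --include='*.md'
grep -rniE '(console\.log|print\(|debugger)' . --include='*.md'
```
### Formatting
- [ ] Consistent markdown style
- [ ] Code blocks have language tags (`python`, `bash`)
- [ ] Tables render correctly
- [ ] Links work (no broken references)
- [ ] No trailing whitespace
- [ ] Consistent heading hierarchy
### Content Quality
- [ ] No filler text (e.g., Lorem-ipsum, incomplete markers)
- [ ] No commented-out sections
- [ ] No duplicate content
- [ ] No outdated information
- [ ] Examples are complete and runnable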
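## 5. Documentation
### README.md Checklist
```markdown
# Skill Name
Brief description (1-2 sentences).
## What's Included
[File list with descriptions]
## Quick Summary
[Core value proposition]
## Usage
[How to use this skill]
## Requirements (if any)
[Dependencies, API keys, etc.]
## Links (if relevant)
[Official docs, repos, etc.]
## License
[MIT recommended for skills]
```
### SKILL.md Checklist
- [ ] Clear "When to Use" section with specific triggers
- [ ] Quick reference for most common needs
- [ ] Logical organization of detailed content
- [ ] Cross-references to other files if multi-file
### Examples
- [ ] At least one complete, working example
- [ ] Examples use safe/fake data
- [ ] Examples are tested and verified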
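## 6. Testing
### Functional Testing
1. **Fresh load test**: Load skill in new session, verify it makes sense
2. **Trigger test**: Verify "When to Use" conditions actually match use cases
3. **Example test**: Run through all examples manually
4. **Edge case test**: What happens with unusual inputs?
### Integration Testing
If skill involves tools/commands:
```bash
# Test that each command mentioned actually works
# Verify that output matches the documentation
```
### Cross-Reference Testing
- [ ] All internal links work
- [ ] All external links are valid
- [ ] File references are correct
### Verification Script (optional but recommended)
Create `test.sh` or document manual test steps:
```bash
#!/bin/bash
# Verify skill integrity
echo "Checking for secrets..."
grep -rniE '(api[_-]?key|secret|password)' . --include='*.md' && exit 1
echo "Checking for hardcoded paths..."
grep -rniE '/home/' . --include='*.md' && exit 1
echo "✓ All checks passed"
```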
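## 7. Git Hygiene
### Before First Commit
Create `.gitignore`:
```gitignore
# OS files
.DS_Store
Thumbs.db
# Editor files
*.swp
*.swo
*~
.idea/
.vscode/
# Temp files
*.tmp
*.bak
# Test artifacts
test-output/
```
### Commit History
- [ ] No secrets ever committed (check full history!)
- [ ] Clean, atomic commits
- [ ] Meaningful commit messages
```bash
# Check history for secrets
git log -p | grep -iE '(api[_-]?key|secret|password|token)'
```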
If secrets were ever committed:
```bash
# Nuclear option - rewrite history (coordinate with collaborators!)
git filter-branch --force --index-filter \
  'git rm --cached --ignore-unmatch path/to/sensitive/file' HEAD
```
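`git log -p | grep` prints matching lines without saying which commit or file introduced them, and it only walks the branch that is checked out. As an added example (not from the original skill), the hypothetical `scan_history_patch` function below reads `git log --all -p` output on stdin and reports commit, file and text for each added line that matches the same pattern; the pipeline shown in its comment is the assumed way to call it.

```bash
#!/bin/sh
# Added example (hypothetical helper, not part of the original skill).
# Usage (assumed): git log --all -p | scan_history_patch || echo "secrets in history"
# --all walks every ref, not only the branch that is currently checked out.

SECRET_RE='(api[_-]?key|secret|password|token)'   # same pattern as the page

# scan_history_patch [REGEX]: read `git log -p` output on stdin and print
# "commit<TAB>file<TAB>text" for each ADDED line matching REGEX (lower-case,
# matched case-insensitively). Returns 1 if anything matched.
scan_history_patch() {
  awk -v re="${1:-$SECRET_RE}" '
    # Commit headers start in column 0; commit messages are indented.
    /^commit [0-9a-f]+/ { commit = substr($2, 1, 12); next }
    # "+++ b/path" names the file the following hunks belong to.
    /^\+\+\+ (b\/|\/dev\/null)/ {
      file = substr($0, 5); sub(/^b\//, "", file); next
    }
    # A secret in history was added by some commit, so only "+" lines matter;
    # this also avoids reporting it a second time where it was removed.
    /^\+/ && tolower($0) ~ re {
      printf "%s\t%s\t%s\n", commit, file, substr($0, 2)
      found = 1
    }
    END { exit (found ? 1 : 0) }
  '
}
```

Any hit is a credential that everyone with a clone has already seen, so rotate it in addition to rewriting history.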
### Commit Message Format
type