Safety Report

Skillcraft

Name: Skillcraft
Rating: 5 (7 reviews)
Author: jmz1

Design and build OpenClaw skills. Use when asked to "make/build/craft a skill", extract ad-hoc functionality into a skill, or package scripts/instructions for reuse. Covers OpenClaw-specific integration (tool calling, memory, message routing, cron, canvas, nodes) and ClawHub publishing.

2,577Downloads

10Installs

7Stars

3Versions

API Integration4,971 Workflow Automation3,323 CLI & Shell Tools1,805 Networking & DNS1,102

Security Analysis

high confidence

Clean0.04 risk

Instruction-only skill that provides a structured, coherent guide for authoring OpenClaw skills; it requests no credentials or installs and its instructions align with its stated purpose.

Feb 11, 20265 files1 concern

Purpose & Capabilityok

The name/description (skill designer for OpenClaw) matches the content: the SKILL.md and pattern files are templates and guidance for packaging skills, routing, cron, memory, and publishing. No unrelated binaries, env vars, or install steps are requested.

Instruction Scopenote

The runtime instructions tell the agent to inspect available skills, workspace files, and to place state under `{baseDir}`/`<workspace>`. This is expected for a skill-authoring guide, but it means the agent will read other skills and workspace files when following these instructions — review those reads if you have sensitive data in workspace files or other skill bodies.

Install Mechanismok

No install spec and no code files — instruction-only. This is the lowest-risk install profile (nothing is downloaded or written by an installer).

Credentialsok

The skill declares no required environment variables or credentials. It does provide guidance for how skill authors should *store* secrets (env vars, keychain, 1Password CLI), which is advisory and not a request for secrets from the runner.

Persistence & Privilegeok

always:false and no config paths requested. The skill recommends locations for skill-local state files but does not request global agent configuration changes or persistent privileges.

Guidance

This skill is an authoring guide and is internally consistent. Because it instructs agents to read other skills and workspace files, review any workspace content and other skills for sensitive data before using it to auto-extract or package code. The skill itself asks for no credentials and performs no installs, but be cautious if you follow its guidance to add state files or to request environment variables later when authoring new skills — never hardcode secrets into SKILL.md or published skill files, and review any resulting SKILL.md or install steps before publishing or installing. If you do not want agents to autonomously create/publish skills, consider controlling invocation or review outputs manually.

Latest Release

v1.0.0

Opus 4.6 overhaul: 60% slimmer, OpenClaw naming, {baseDir} paths, new frontmatter keys, model-tier guidance, direct docs links

Popular Skills

self-improving-agent

@pskoett · 1,456 stars

Gog

@steipete · 672 stars

Tavily Web Search

@arun-8687 · 620 stars

Find Skills

@JimLiuxinghai · 529 stars

Proactive Agent

@halthelobster · 426 stars

Summarize

@summarize · 415 stars

Published by @jmz1 on ClawHub