Building and Publishing Skills to ClawHub
Skills are the building blocks of OpenClaw's extensibility. While installing community skills from ClawHub is easy, building and publishing your own skills lets you create custom automations, share them with the community, and contribute to the growing OpenClaw ecosystem.
What You'll Learn
By the end of this lesson, you will know how to plan, build, test, and publish a complete skill to ClawHub, including security best practices and the review process.
Planning Your Skill
Before writing any code, define what your skill will do.
Identifying the Need
Good skills solve a specific, repeatable problem:
- "I summarize Slack threads every evening" ā slack-summarizer skill
- "I check stock prices when asked" ā stock-checker skill
- "I convert meeting recordings to action items" ā meeting-actions skill
- "I monitor a website for changes" ā site-monitor skill
Scoping the Skill
Keep skills focused on one responsibility. A skill that "manages all project tasks, sends emails, updates spreadsheets, and generates reports" should be four separate skills. Focused skills are easier to test, maintain, and combine in creative ways.
Planning the Interface
Decide how users will interact with your skill:
- User-invocable? Can users trigger it directly (e.g.,
/stock AAPL)? Or is it model-invoked only? - What inputs does it need? Parameters, files, context from conversation?
- What does it output? Text, files, structured data, side effects (like sending an email)?
- Does it need external APIs? Which services, what authentication?
Building the Skill
Directory Structure
Create your skill directory:
~/.openclaw/skills/my-skill/
āāā SKILL.md # Required: metadata and instructions
āāā tools/ # Optional: custom tool definitions
ā āāā my-tool.js # Tool implementation
āāā templates/ # Optional: prompt templates
ā āāā summary.md # Reusable prompt patterns
āāā README.md # Optional: documentation for ClawHub
Writing SKILL.md
The SKILL.md file is the heart of your skill. It combines YAML frontmatter with natural-language instructions.
---
name: stock-checker
description: Check real-time stock prices and basic financial data
homepage: https://github.com/yourusername/openclaw-stock-checker
user-invocable: true
command-dispatch: /stock
metadata:
version: 1.0.0
author: Your Name
tags: [finance, stocks, market-data]
requires: [web-search]
---
# Stock Checker
When the user asks about stock prices or uses /stock, look up the
current price and key metrics for the requested ticker symbol.
## How to respond
1. Use the web-search tool to find the current stock price
2. Include: current price, daily change ($ and %), market cap, P/E ratio
3. Format as a clean summary with the ticker symbol as header
4. If the ticker is not found, suggest corrections
## Examples
User: /stock AAPL
Response: Look up Apple Inc. (AAPL) and return current trading data
User: How is Tesla doing today?
Response: Look up TSLA and return current trading data
## Limitations
- Do not provide investment advice
- Always note that prices may be delayed
- If market is closed, mention the closing price and time
Key SKILL.md Fields
| Field | Required | Description |
|---|---|---|
name | Yes | Unique identifier (kebab-case) |
description | Yes | One-line summary (shown in skill listings) |
user-invocable | No | Whether users can trigger it directly (default: false) |
command-dispatch | No | Slash command to trigger the skill (e.g., /stock) |
command-tool | No | Specific tool to run when command is dispatched |
disable-model-invocation | No | If true, only triggered by command, not by model |
metadata.version | No | Semantic version for ClawHub |
metadata.author | No | Your name or organization |
metadata.tags | No | Searchable tags for ClawHub discovery |
metadata.requires | No | Other skills this skill depends on |
Adding Custom Tools
If your skill needs to execute specific actions, add tool definitions:
// tools/check-price.js
export default {
name: 'check_stock_price',
description: 'Look up the current stock price for a ticker symbol',
parameters: {
type: 'object',
properties: {
ticker: {
type: 'string',
description: 'Stock ticker symbol (e.g., AAPL, GOOGL)'
}
},
required: ['ticker']
},
async execute({ ticker }) {
const response = await fetch(
`https://api.example.com/stock/${ticker.toUpperCase()}`
);
const data = await response.json();
return JSON.stringify(data);
}
};
Tools extend what your agent can do. The SKILL.md instructions tell the agent when and how to use the tools, while the tool implementation handles the actual execution.
Testing Your Skill
Local Testing
Test your skill before publishing:
- Verify it loads:
openclaw skills listshould show your skill - Test the command: Send the slash command through any connected channel
- Test model invocation: Ask a question that should trigger the skill without using the command
- Check edge cases: Invalid inputs, missing data, API failures
- Review logs:
openclaw logs --tail 50to see how the skill is being used
Common Testing Issues
| Issue | Solution |
|---|---|
| Skill not appearing in list | Check SKILL.md frontmatter syntax (valid YAML) |
| Command not triggering | Verify user-invocable: true and command-dispatch are set |
| Tool not executing | Check tool file exports and parameter schema |
| Wrong skill being used | Make the description more specific to avoid overlap |
Publishing to ClawHub
Preparing for Publication
- Add a README.md with installation instructions, usage examples, and configuration options
- Set the version in metadata (follow semantic versioning)
- Remove sensitive data ā no API keys, tokens, or personal information
- Test one final time in a clean workspace
The Publishing Process
# Login to ClawHub
openclaw hub login
# Validate your skill
openclaw hub validate ~/.openclaw/skills/stock-checker
# Publish
openclaw hub publish ~/.openclaw/skills/stock-checker
Security Review
After publishing, your skill enters ClawHub's security pipeline:
- Automated scan ā VirusTotal checks for known malware patterns
- Static analysis ā Cisco's skill scanner checks for command injection, data exfiltration, and prompt injection
- Community review ā Other users can report issues
- Verdict ā Your skill receives one of three verdicts:
- Approved ā Passed all scans, safe to install
- Warned ā Minor issues detected, installs with a warning
- Blocked ā Security issues found, cannot be installed until fixed
Maintaining Your Skill
After publishing:
- Monitor issues ā Users may report bugs or security concerns
- Update regularly ā Keep dependencies current and fix reported issues
- Bump versions ā Use semantic versioning (major.minor.patch)
- Respond to security alerts ā Fix flagged issues promptly to avoid being blocked
Skill Design Best Practices
Write clear instructions. The agent reads your SKILL.md as natural language. Clear, specific instructions produce better results than vague descriptions.
Handle errors gracefully. Your skill instructions should tell the agent what to do when things go wrong ā API timeouts, missing data, invalid inputs.
Minimize required permissions. Request only the workspace access and tools your skill actually needs. Over-permissioned skills get flagged in security reviews.
Include examples. Show the agent example inputs and expected outputs. This dramatically improves how the agent uses your skill.
Document configuration. If your skill needs API keys or settings, document where users should add them and provide clear setup instructions.
Key Takeaways
- Skills are defined by SKILL.md files with YAML frontmatter and natural-language instructions.
- Plan skills to be focused on a single responsibility ā small, composable skills are better than monolithic ones.
- Test skills locally with direct commands, model invocation, edge cases, and log review before publishing.
- ClawHub's security pipeline includes VirusTotal scanning and Cisco static analysis with three verdict levels.
- Good skill design includes clear instructions, error handling, minimal permissions, examples, and documentation.