name: skill-publisher
description: Publish a local Claude Code Skill to GitHub and ClawHub through a structured workflow. Triggers when the user says "publish skill", "upload skill to github", "open source my skill", "ship skill", "clawhub release". First scans the target skill to assess size and complexity, then recommends a distribution channel (single small skill → ClawHub / multi-skill bundle → GitHub plugin marketplace / workshop-grade pipeline → dual track), then executes a 7-step closed loop: clean workdir → secret scrub → three essentials → manifest → git init → gh repo create → clawhub submission.
Skill Publisher
Meta-skill that turns a local Claude Code Skill sitting in ~/.claude/skills/<name>/ into a published, installable open-source release.
When to trigger
Activate when the user asks to publish, open-source, upload, or ship a skill to GitHub or ClawHub.
Core logic: assess first, execute second
Step 0 — Size assessment (determines channel)
Run against the target skill directory:
TARGET=~/.claude/skills/<name>
echo "=== file count ==="; find "$TARGET" -type f | wc -l
echo "=== total size ==="; du -sh "$TARGET"
echo "=== subdirs ==="; ls -d "$TARGET"/*/ 2>/dev/null
echo "=== scripts ==="; find "$TARGET" \( -name "*.sh" -o -name "*.py" -o -name "*.js" \) | wc -l
echo "=== external-service signals ==="; grep -rlE 'curl|api|http|oauth' "$TARGET" 2>/dev/null | wc -l
Channel recommendation table
| Size signal | Recommended channel | Why |
|---|
| Single skill, < 20 files, < 500KB, no external deps | ✅ ClawHub first + GitHub mirror | ClawHub indexes per-skill; small self-contained tools get maximum discovery and free security-scan badges |
Single skill with complex scripts/ or external API calls | ✅ GitHub first (plugin marketplace), ClawHub optional | Credentials need real README guidance; GitHub Issues handles support |
| Multi-skill bundle (3+ related skills) | ✅ GitHub plugin marketplace only | ClawHub is weak for bundles; plugin marketplace supports one-command install for the whole set |
| Workshop-grade workflow pipeline | ✅ Dual track — GitHub plugin for the bundle, ClawHub for each star skill separately | Bundle drives installs, individual listings drive discovery |
< 5 files, only SKILL.md | ⚠️ Do not publish yet | Too thin; add scripts or references first |
Always state the recommended channel and reasoning explicitly, and get user confirmation before starting Step 1.
Standard 7-step publish flow
Step 1 — Create a clean workdir
mkdir -p ~/projects/<skill-name> && cd ~/projects/<skill-name>
Never git init inside ~/.claude/skills/ — that would leak other private skills.
Step 2 — Copy + secret scrub (three greps)
cp -r ~/.claude/skills/<skill-name>/* .
grep -rnE 'app_id|app_secret|api_key|token|password|bearer' .
grep -rnE '/home/[a-z]+|~/\.[a-z]+claw|~/\.openclaw' .
grep -rnE '[A-Za-z0-9]{20,}' . | grep -vE '\.md:|#'
Any hit → switch the value to an environment variable and document it in the README. Do not proceed to Step 3 until all three scans are clean.
Step 3 — Add the three publishing essentials
<skill-name>/
├── SKILL.md # verify frontmatter: name / description / triggers are complete
├── README.md # user-facing: one-liner + install + usage + screenshot
├── LICENSE # default MIT, ClawHub prefers MIT-0
└── .gitignore # at minimum: .env / *.key / node_modules / .DS_Store
README template:
# <Skill Name>
One-line description of what it does.
## Install
### Claude Code Plugin (recommended)
/plugin marketplace add <owner>/<repo-name>
### Manual
git clone https://github.com/<owner>/<repo-name> ~/.claude/skills/<skill-name>
## Usage
- Trigger phrases: ...
- Example: ...
## Configuration (if needed)
Environment variables:
- FOO_API_KEY — ...
## License
MIT
Step 4 — Plugin manifest (optional, add for bundles or one-click install)
Create .claude-plugin/marketplace.json:
{
"name": "<skill-name>",
"owner": { "name": "<your-name>", "url": "https://github.com/<owner>" },
"plugins": [
{
"name": "<skill-name>",
"source": ".",
"description": "One-line description",
"version": "0.1.0"
}
]
}
Can be skipped if publishing a single skill via ClawHub only.
Step 5 — Initialize git locally
git init
git add .
git status
git commit -m "init: <skill-name> v0.1.0"
Step 6 — Push to GitHub
gh auth status
gh repo create <skill-name> --public --source=. --remote=origin --push
Open https://github.com/<owner>/<skill-name> to verify.
Step 7 — Submit to ClawHub (if channel recommendation included it)
- Open https://clawhub.ai in a browser
- Sign in with GitHub (first time: OAuth authorize public-repo scope)
- Account page → Add Skill / Sync Repos → select the repo just pushed
- Wait for VirusTotal + custom security scan (a few minutes)
- On pass, visit
https://clawhub.ai/<owner>/<skill-name> to verify listing
Post-publish promotion checklist
Common pitfalls
gh repo create fails → gh auth refresh -s repo to add the missing scope
- Secret committed and pushed → treat as a real leak:
gh repo delete + rotate credentials immediately. Do not rewrite history with rebase; once pushed it's indexed
- ClawHub scan flags red → usually caused by
curl | sh or eval in scripts; replace with explicit steps
- Plugin install fails → the
source path in marketplace.json must be relative to the repo root
- Untested install command in README → always copy-paste it into a fresh session yourself before declaring the release done
Pre-publish self-check (all must be green)
Execution discipline
- Never skip Step 0 assessment — picking the wrong channel wastes the whole run
- Never execute Step 7 on behalf of the user — ClawHub needs a browser OAuth flow; hand it off
- Stop immediately if any secret scan hits — report to the user and let them decide; do not silently rewrite their code
- Paste command output after every step — closed-loop evidence, no bare claims