openclaw/skills/skill-creator/scripts/package_skill.py

#!/usr/bin/env python3
"""
Skill Packager - Creates a distributable .skill file of a skill folder

Usage:
    python utils/package_skill.py <path/to/skill-folder> [output-directory]

Example:
    python utils/package_skill.py skills/public/my-skill
    python utils/package_skill.py skills/public/my-skill ./dist
"""

import sys
import zipfile
from pathlib import Path

from quick_validate import validate_skill


def _is_within(path: Path, root: Path) -> bool:
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False


def package_skill(skill_path, output_dir=None):
    """
    Package a skill folder into a .skill file.

    Args:
        skill_path: Path to the skill folder
        output_dir: Optional output directory for the .skill file (defaults to current directory)

    Returns:
        Path to the created .skill file, or None if error
    """
    skill_path = Path(skill_path).resolve()

    # Validate skill folder exists
    if not skill_path.exists():
        print(f"[ERROR] Skill folder not found: {skill_path}")
        return None

    if not skill_path.is_dir():
        print(f"[ERROR] Path is not a directory: {skill_path}")
        return None

    # Validate SKILL.md exists
    skill_md = skill_path / "SKILL.md"
    if not skill_md.exists():
        print(f"[ERROR] SKILL.md not found in {skill_path}")
        return None

    # Run validation before packaging
    print("Validating skill...")
    valid, message = validate_skill(skill_path)
    if not valid:
        print(f"[ERROR] Validation failed: {message}")
        print("   Please fix the validation errors before packaging.")
        return None
    print(f"[OK] {message}\n")

    # Determine output location
    skill_name = skill_path.name
    if output_dir:
        output_path = Path(output_dir).resolve()
        output_path.mkdir(parents=True, exist_ok=True)
    else:
        output_path = Path.cwd()

    skill_filename = output_path / f"{skill_name}.skill"

    EXCLUDED_DIRS = {".git", ".svn", ".hg", "__pycache__", "node_modules"}

    # Create the .skill file (zip format)
    try:
        with zipfile.ZipFile(skill_filename, "w", zipfile.ZIP_DEFLATED) as zipf:
            # Walk through the skill directory
            for file_path in skill_path.rglob("*"):
                # Security: never follow or package symlinks.
                if file_path.is_symlink():
                    print(f"[WARN] Skipping symlink: {file_path}")
                    continue

                rel_parts = file_path.relative_to(skill_path).parts
                if any(part in EXCLUDED_DIRS for part in rel_parts):
                    continue

                if file_path.is_file():
                    resolved_file = file_path.resolve()
                    if not _is_within(resolved_file, skill_path):
                        print(f"[ERROR] File escapes skill root: {file_path}")
                        return None
                    # If output lives under skill_path, avoid writing archive into itself.
                    if resolved_file == skill_filename.resolve():
                        print(f"[WARN] Skipping output archive: {file_path}")
                        continue

                    # Calculate the relative path within the zip.
                    arcname = Path(skill_name) / file_path.relative_to(skill_path)
                    zipf.write(file_path, arcname)
                    print(f"  Added: {arcname}")

        print(f"\n[OK] Successfully packaged skill to: {skill_filename}")
        return skill_filename

    except Exception as e:
        print(f"[ERROR] Error creating .skill file: {e}")
        return None


def main():
    if len(sys.argv) < 2:
        print("Usage: python utils/package_skill.py <path/to/skill-folder> [output-directory]")
        print("\nExample:")
        print("  python utils/package_skill.py skills/public/my-skill")
        print("  python utils/package_skill.py skills/public/my-skill ./dist")
        sys.exit(1)

    skill_path = sys.argv[1]
    output_dir = sys.argv[2] if len(sys.argv) > 2 else None

    print(f"Packaging skill: {skill_path}")
    if output_dir:
        print(f"   Output directory: {output_dir}")
    print()

    result = package_skill(skill_path, output_dir)

    if result:
        sys.exit(0)
    else:
        sys.exit(1)


if __name__ == "__main__":
    main()
feat: add skill-creator bundled skill 2026-01-11 10:42:56 +00:00			`#!/usr/bin/env python3`
			`"""`
			`Skill Packager - Creates a distributable .skill file of a skill folder`

			`Usage:`
			`python utils/package_skill.py <path/to/skill-folder> [output-directory]`

			`Example:`
			`python utils/package_skill.py skills/public/my-skill`
			`python utils/package_skill.py skills/public/my-skill ./dist`
			`"""`

			`import sys`
			`import zipfile`
			`from pathlib import Path`

			`from quick_validate import validate_skill`


fix(skill-creator): harden skill packaging path handling (#24260) * fix(skill-creator): skip symlinks during skill packaging * test(skill-creator): cover symlink skipping and root-escape guard 2026-02-23 02:07:36 -05:00			`def _is_within(path: Path, root: Path) -> bool:`
			`try:`
			`path.relative_to(root)`
			`return True`
			`except ValueError:`
			`return False`


feat: add skill-creator bundled skill 2026-01-11 10:42:56 +00:00			`def package_skill(skill_path, output_dir=None):`
			`"""`
			`Package a skill folder into a .skill file.`

			`Args:`
			`skill_path: Path to the skill folder`
			`output_dir: Optional output directory for the .skill file (defaults to current directory)`

			`Returns:`
			`Path to the created .skill file, or None if error`
			`"""`
			`skill_path = Path(skill_path).resolve()`

			`# Validate skill folder exists`
			`if not skill_path.exists():`
			`print(f"[ERROR] Skill folder not found: {skill_path}")`
			`return None`

			`if not skill_path.is_dir():`
			`print(f"[ERROR] Path is not a directory: {skill_path}")`
			`return None`

			`# Validate SKILL.md exists`
			`skill_md = skill_path / "SKILL.md"`
			`if not skill_md.exists():`
			`print(f"[ERROR] SKILL.md not found in {skill_path}")`
			`return None`

			`# Run validation before packaging`
			`print("Validating skill...")`
			`valid, message = validate_skill(skill_path)`
			`if not valid:`
			`print(f"[ERROR] Validation failed: {message}")`
			`print(" Please fix the validation errors before packaging.")`
			`return None`
			`print(f"[OK] {message}\n")`

			`# Determine output location`
			`skill_name = skill_path.name`
			`if output_dir:`
			`output_path = Path(output_dir).resolve()`
			`output_path.mkdir(parents=True, exist_ok=True)`
			`else:`
			`output_path = Path.cwd()`

			`skill_filename = output_path / f"{skill_name}.skill"`

fix(skill-creator): exclude .git and VCS internals from .skill archives (#23180) The packager included .git directory contents in .skill archives, causing unnecessary bloat, metadata leakage, and poor artifact hygiene. Hard-exclude .git, .svn, .hg, __pycache__, and node_modules from packaged archives. These paths are never useful in distributable skills. Fixes #23149 Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-23 04:24:11 +08:00			`EXCLUDED_DIRS = {".git", ".svn", ".hg", "__pycache__", "node_modules"}`

feat: add skill-creator bundled skill 2026-01-11 10:42:56 +00:00			`# Create the .skill file (zip format)`
			`try:`
			`with zipfile.ZipFile(skill_filename, "w", zipfile.ZIP_DEFLATED) as zipf:`
			`# Walk through the skill directory`
			`for file_path in skill_path.rglob("*"):`
fix(security): enforce symlink-safe skill packaging 2026-02-19 10:54:45 +01:00			`# Security: never follow or package symlinks.`
fix(security): OC-22 prevent Zip Slip and symlink following in skill packaging This commit implements critical security fixes for vulnerability OC-22 (CVSS 7.7, CWE-426) in the skill packaging system. ## Security Fixes 1. Symlink Detection and Rejection - Added check to detect and reject symlinks in skill directories - Prevents attackers from including arbitrary system files via symlink following - Rejects packaging with error message if any symlink is found 2. Path Traversal (Zip Slip) Prevention - Added validation for arcname paths in zip archives - Rejects paths containing ".." (directory traversal) - Rejects absolute paths that could escape skill directory - Prevents attackers from overwriting system files during extraction ## Attack Vectors Mitigated - Symlink following: Attacker creates symlink to /etc/passwd or other sensitive files in skill directory → now rejected - Zip Slip: Attacker crafts paths with "../../root/.bashrc" to overwrite system files during extraction → now rejected ## Changes - Modified: skills/skill-creator/scripts/package_skill.py - Added symlink check (line 73-76) - Added path validation check (line 84-87) - Enhanced error messages for security violations - Added: skills/skill-creator/scripts/test_package_skill.py - Comprehensive test suite with 11 test cases - Tests for symlink rejection - Tests for path traversal prevention - Tests for normal file packaging - Tests for edge cases (nested files, multiple files, large skills) ## Testing All 11 tests pass: - test_normal_file_packaging: Normal files packaged correctly - test_symlink_rejection: Symlinks detected and rejected - test_symlink_to_sensitive_file: Sensitive file symlinks rejected - test_zip_slip_prevention: Normal subdirectories work properly - test_absolute_path_prevention: Path validation logic tested - test_nested_files_allowed: Properly nested files allowed - test_multiple_files_with_symlink_mixed: Single symlink fails entire package - test_large_skill_with_many_files: Large skills handled correctly - test_missing_skill_directory: Error handling verified - test_file_instead_of_directory: Error handling verified - test_missing_skill_md: Error handling verified 2026-02-19 20:32:23 +11:00			`if file_path.is_symlink():`
fix(skill-creator): harden skill packaging path handling (#24260) * fix(skill-creator): skip symlinks during skill packaging * test(skill-creator): cover symlink skipping and root-escape guard 2026-02-23 02:07:36 -05:00			`print(f"[WARN] Skipping symlink: {file_path}")`
			`continue`
fix(security): OC-22 prevent Zip Slip and symlink following in skill packaging This commit implements critical security fixes for vulnerability OC-22 (CVSS 7.7, CWE-426) in the skill packaging system. ## Security Fixes 1. Symlink Detection and Rejection - Added check to detect and reject symlinks in skill directories - Prevents attackers from including arbitrary system files via symlink following - Rejects packaging with error message if any symlink is found 2. Path Traversal (Zip Slip) Prevention - Added validation for arcname paths in zip archives - Rejects paths containing ".." (directory traversal) - Rejects absolute paths that could escape skill directory - Prevents attackers from overwriting system files during extraction ## Attack Vectors Mitigated - Symlink following: Attacker creates symlink to /etc/passwd or other sensitive files in skill directory → now rejected - Zip Slip: Attacker crafts paths with "../../root/.bashrc" to overwrite system files during extraction → now rejected ## Changes - Modified: skills/skill-creator/scripts/package_skill.py - Added symlink check (line 73-76) - Added path validation check (line 84-87) - Enhanced error messages for security violations - Added: skills/skill-creator/scripts/test_package_skill.py - Comprehensive test suite with 11 test cases - Tests for symlink rejection - Tests for path traversal prevention - Tests for normal file packaging - Tests for edge cases (nested files, multiple files, large skills) ## Testing All 11 tests pass: - test_normal_file_packaging: Normal files packaged correctly - test_symlink_rejection: Symlinks detected and rejected - test_symlink_to_sensitive_file: Sensitive file symlinks rejected - test_zip_slip_prevention: Normal subdirectories work properly - test_absolute_path_prevention: Path validation logic tested - test_nested_files_allowed: Properly nested files allowed - test_multiple_files_with_symlink_mixed: Single symlink fails entire package - test_large_skill_with_many_files: Large skills handled correctly - test_missing_skill_directory: Error handling verified - test_file_instead_of_directory: Error handling verified - test_missing_skill_md: Error handling verified 2026-02-19 20:32:23 +11:00
fix(skill-creator): exclude .git and VCS internals from .skill archives (#23180) The packager included .git directory contents in .skill archives, causing unnecessary bloat, metadata leakage, and poor artifact hygiene. Hard-exclude .git, .svn, .hg, __pycache__, and node_modules from packaged archives. These paths are never useful in distributable skills. Fixes #23149 Co-authored-by: Cursor <cursoragent@cursor.com> 2026-02-23 04:24:11 +08:00			`rel_parts = file_path.relative_to(skill_path).parts`
			`if any(part in EXCLUDED_DIRS for part in rel_parts):`
			`continue`

feat: add skill-creator bundled skill 2026-01-11 10:42:56 +00:00			`if file_path.is_file():`
fix(skill-creator): harden skill packaging path handling (#24260) * fix(skill-creator): skip symlinks during skill packaging * test(skill-creator): cover symlink skipping and root-escape guard 2026-02-23 02:07:36 -05:00			`resolved_file = file_path.resolve()`
			`if not _is_within(resolved_file, skill_path):`
			`print(f"[ERROR] File escapes skill root: {file_path}")`
			`return None`
Skills/Python: harden script edge cases and add regression tests (#24277) * Skill creator: skip self-including .skill output * Skill creator tests: cover output-dir-inside-skill case * Skill validator: parse frontmatter robustly across newlines * Skill validator tests: add CRLF and malformed frontmatter coverage * Model usage: require positive --days value * Model usage tests: cover --days validation and filtering * Nano banana: close input image handles after loading * Skill validator: keep type hints compatible with older python * Changelog: credit @vincentkoc for Python skills hardening 2026-02-23 02:34:23 -05:00			`# If output lives under skill_path, avoid writing archive into itself.`
			`if resolved_file == skill_filename.resolve():`
			`print(f"[WARN] Skipping output archive: {file_path}")`
			`continue`
fix(security): OC-22 prevent Zip Slip and symlink following in skill packaging This commit implements critical security fixes for vulnerability OC-22 (CVSS 7.7, CWE-426) in the skill packaging system. ## Security Fixes 1. Symlink Detection and Rejection - Added check to detect and reject symlinks in skill directories - Prevents attackers from including arbitrary system files via symlink following - Rejects packaging with error message if any symlink is found 2. Path Traversal (Zip Slip) Prevention - Added validation for arcname paths in zip archives - Rejects paths containing ".." (directory traversal) - Rejects absolute paths that could escape skill directory - Prevents attackers from overwriting system files during extraction ## Attack Vectors Mitigated - Symlink following: Attacker creates symlink to /etc/passwd or other sensitive files in skill directory → now rejected - Zip Slip: Attacker crafts paths with "../../root/.bashrc" to overwrite system files during extraction → now rejected ## Changes - Modified: skills/skill-creator/scripts/package_skill.py - Added symlink check (line 73-76) - Added path validation check (line 84-87) - Enhanced error messages for security violations - Added: skills/skill-creator/scripts/test_package_skill.py - Comprehensive test suite with 11 test cases - Tests for symlink rejection - Tests for path traversal prevention - Tests for normal file packaging - Tests for edge cases (nested files, multiple files, large skills) ## Testing All 11 tests pass: - test_normal_file_packaging: Normal files packaged correctly - test_symlink_rejection: Symlinks detected and rejected - test_symlink_to_sensitive_file: Sensitive file symlinks rejected - test_zip_slip_prevention: Normal subdirectories work properly - test_absolute_path_prevention: Path validation logic tested - test_nested_files_allowed: Properly nested files allowed - test_multiple_files_with_symlink_mixed: Single symlink fails entire package - test_large_skill_with_many_files: Large skills handled correctly - test_missing_skill_directory: Error handling verified - test_file_instead_of_directory: Error handling verified - test_missing_skill_md: Error handling verified 2026-02-19 20:32:23 +11:00
fix(skill-creator): harden skill packaging path handling (#24260) * fix(skill-creator): skip symlinks during skill packaging * test(skill-creator): cover symlink skipping and root-escape guard 2026-02-23 02:07:36 -05:00			`# Calculate the relative path within the zip.`
			`arcname = Path(skill_name) / file_path.relative_to(skill_path)`
feat: add skill-creator bundled skill 2026-01-11 10:42:56 +00:00			`zipf.write(file_path, arcname)`
			`print(f" Added: {arcname}")`

			`print(f"\n[OK] Successfully packaged skill to: {skill_filename}")`
			`return skill_filename`

			`except Exception as e:`
			`print(f"[ERROR] Error creating .skill file: {e}")`
			`return None`


			`def main():`
			`if len(sys.argv) < 2:`
			`print("Usage: python utils/package_skill.py <path/to/skill-folder> [output-directory]")`
			`print("\nExample:")`
			`print(" python utils/package_skill.py skills/public/my-skill")`
			`print(" python utils/package_skill.py skills/public/my-skill ./dist")`
			`sys.exit(1)`

			`skill_path = sys.argv[1]`
			`output_dir = sys.argv[2] if len(sys.argv) > 2 else None`

			`print(f"Packaging skill: {skill_path}")`
			`if output_dir:`
			`print(f" Output directory: {output_dir}")`
			`print()`

			`result = package_skill(skill_path, output_dir)`

			`if result:`
			`sys.exit(0)`
			`else:`
			`sys.exit(1)`


			`if __name__ == "__main__":`
			`main()`