| summary | read_when | |||
|---|---|---|---|---|
ClawHub spec: skills registry, versioning, vector search, moderation |
|
- onlycrabs.ai mode for sharing
SOUL.mdbundles (host-based entry point). - Minimal, fast SPA for browsing and publishing agent skills.
- Skills stored in Convex (files + metadata + versions + stats).
- GitHub OAuth login; GitHub App backs up skills to
clawdbot/skills. - Vector-based search over skill text + metadata.
- Versioning, tags (
latest+ user tags), changelog, rollback (tag movement). - Public read access; upload requires auth.
- Moderation: badges + comment delete; audit everything.
- Paid features, private skills, or binary assets.
- GitHub App sync beyond backups (future phase).
authId(from Convex Auth provider)handle(GitHub login)name,bioavatarUrl(GitHub, fallback gravatar)role:admin | moderator | user(moderators can soft-delete and flag; admins can hard-delete + change owners)createdAt,updatedAt
slug(unique)displayNameownerUserIdsummary(from SKILL.md frontmatterdescription)latestVersionIdlatestTagVersionId(forlatesttag)tagsmap:{ tag -> versionId }badges:{ redactionApproved?: { byUserId, at }, highlighted?: { byUserId, at }, official?: { byUserId, at }, deprecated?: { byUserId, at } }officialmarks admin-verified/official skills.deprecatedmarks skills that should not be used for new integrations.
moderationStatus:active | hidden | removedmoderationFlags:string[](automatic detection)moderationNotes,moderationReasonhiddenAt,hiddenBy,lastReviewedAt,reportCountstats:{ downloads, stars, versions, comments }createdAt,updatedAt
skillIdversion(semver string)tag(string, optional;latestalways maintained separately)changelog(required)files: list of file metadatapath,size,storageId,sha256
parsed(metadata extracted from SKILL.md)vectorDocId(if using RAG component) ORembeddingIdcreatedBy,createdAtsoftDeletedAt(nullable)
From SKILL.md frontmatter + AgentSkills + Clawdis extensions:
name,description,homepage,website,url,emojimetadata.clawdis:always,skillKey,primaryEnv,emoji,homepage,os,requires(bins,anyBins,env,config),install[],nix(plugin,systems),config(requiredEnv,stateDirs,example),cliHelp(string;cli --helpoutput)metadata.clawdbot: alias ofmetadata.clawdis(preferred for nix-clawdbot plugin pointers)- Nix plugins are different from regular skills; they bundle the skill pack, the CLI binary, and config flags/requirements together.
metadatain frontmatter is YAML (object) preferred; legacy JSON-string accepted.
slug(unique)displayNameownerUserIdsummary(from SOUL.md frontmatterdescription)latestVersionIdtagsmap:{ tag -> versionId }stats:{ downloads, stars, versions, comments }status:activeonly (soft-delete on version/comment only)createdAt,updatedAt
soulIdversion(semver string)tag(string, optional;latestalways maintained separately)changelog(required)files: list of file metadata (SOUL.md only)path,size,storageId,sha256
parsed(metadata extracted from SOUL.md)vectorDocId(if using RAG component) ORembeddingIdcreatedBy,createdAtsoftDeletedAt(nullable)
soulId,userId,bodysoftDeletedAt,deletedBycreatedAt
soulId,userId,createdAt
skillId,userId,bodysoftDeletedAt,deletedBycreatedAt
skillId,userId,createdAt
actorUserIdaction(enum:badge.set,badge.unset,comment.delete,role.change)targetType/targetIdmetadata(json)createdAt
- Convex Auth with GitHub OAuth App.
- Default role
user; bootstrapsteipetetoadminon first login. - Management console: moderators can hide/restore skills + mark duplicates + ban users; admins can change owners, approve badges, hard-delete skills, and ban users (deletes owned skills).
- Role changes are admin-only and audited.
- Reporting: any user can report skills/comments; per-user cap 20 active reports; targets auto-hide after >3 unique reports (mods can review/unhide/delete/ban).
- Commenting (skills + souls) requires GitHub account age ≥ 14 days.
- Client requests upload session.
- Client uploads each file via Convex upload URLs (no binaries, text only).
- Client submits metadata + file list + changelog + version + tags.
- Server validates:
- total size ≤ 50MB
- file extensions/text content
- SKILL.md exists and frontmatter parseable
- version uniqueness
- GitHub account age ≥ 14 days
- Server stores files + metadata, sets
latesttag, updates stats.
Soul upload flow: same as skills (including GitHub account age checks), but only SOUL.md is allowed.
Seed data lives in convex/seed.ts for local dev.
- Each upload is a new
SkillVersion. latesttag always points to most recent version unless user re-tags.- Rollback: move
latest(and optionally other tags) to an older version. - Changelog is optional.
- Vector search over: SKILL.md + other text files + metadata summary (souls index SOUL.md).
- Convex embeddings + vector index.
- Filters: tag, owner,
redactionApprovedonly, min stars, updatedAt.
- JSON API for skill metadata + versions.
- Download endpoint returns zip of a version (HTTP action).
- Soft-delete versions; downloads remain for non-deleted versions only.
- Home: search + filters + trending/featured + “Highlighted” badge.
- Skill detail: README render, files list, version history, tags, stats, badges.
- Upload/edit: file picker + version + tag + changelog.
- Account settings: name + delete account (permanent, non-recoverable; published skills stay public).
- Admin: user role management + badge approvals + audit log.
- Vitest 4 with >=70% global coverage.
- Lint: Biome + Oxlint (type-aware).
- Env vars: Convex deployment URLs + GitHub OAuth client + OpenAI key (if used) + GitHub App backup credentials.
- SPA feel: client-side transitions, prefetching, optimistic UI.
- Embeddings provider key + rate limits.
- Zip generation memory limits (optimize with streaming if needed).
- GitHub App repo sync (phase 2).