{"id":50333046,"url":"https://github.com/albertdobmeyer/openskill-forge","last_synced_at":"2026-05-29T11:01:27.259Z","repository":{"id":351356575,"uuid":"1149215213","full_name":"albertdobmeyer/openskill-forge","owner":"albertdobmeyer","description":"Offline-first skill workbench with malware scanning for the OpenClaw ecosystem","archived":false,"fork":false,"pushed_at":"2026-05-18T04:50:30.000Z","size":586,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-05-18T06:48:57.978Z","etag":null,"topics":["ai-agents","ai-skills","clawhub","developer-tools","moltbook","openclaw","security","security-scanner"],"latest_commit_sha":null,"homepage":"https://github.com/gitgoodordietrying/clawhub-forge#readme","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/albertdobmeyer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"docs/roadmap.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-02-03T21:20:40.000Z","updated_at":"2026-05-18T04:50:44.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/albertdobmeyer/openskill-forge","commit_stats":null,"previous_names":["albertdobmeyer/clawhub-forge","albertdobmeyer/openskill-forge"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/albertdobmeyer/openskill-forge","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/albertdobmeyer%2Fopenskill-forge","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/albertdobmeyer%2Fopenskill-forge/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/albertdobmeyer%2Fopenskill-forge/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/albertdobmeyer%2Fopenskill-forge/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/albertdobmeyer","download_url":"https://codeload.github.com/albertdobmeyer/openskill-forge/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/albertdobmeyer%2Fopenskill-forge/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33648534,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-29T02:00:06.066Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-agents","ai-skills","clawhub","developer-tools","moltbook","openclaw","security","security-scanner"],"created_at":"2026-05-29T11:01:26.458Z","updated_at":"2026-05-29T11:01:27.249Z","avatar_url":"https://github.com/albertdobmeyer.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# openskill-forge\n\n[![Skill CI](https://github.com/albertdobmeyer/openskill-forge/actions/workflows/skill-ci.yml/badge.svg)](https://github.com/albertdobmeyer/openskill-forge/actions/workflows/skill-ci.yml) [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)\n\nA skill-authoring toolchain and security scanner for [ClawHub](https://clawdhub.com), the third-party skill registry for the OpenClaw agent runtime. Provides offline static analysis, line-level zero-trust verification, behavioural testing, and a gated publishing pipeline.\n\nThis repository serves two roles. As a **standalone toolchain**, it is the author's environment for creating, testing, and publishing skills to ClawHub; twenty-five published skills are included as reference implementations. As a **OpenTrApp component**, the same scanner runs inside the `vault-forge` container of the five-container perimeter (see [ADR-0009](https://github.com/albertdobmeyer/opentrapp/blob/main/docs/adr/0009-five-container-perimeter.md)) to vet skills before they reach the agent runtime in `vault-agent`.\n\n**Author:** [@albertdobmeyer](https://github.com/albertdobmeyer)\n\n---\n\n## Why a static scanner\n\nGenerating a skill takes seconds. The gap between *generated* and *production-ready* — which is where supply-chain risk lives — is the problem this toolchain addresses. The pipeline gates each skill through:\n\n- **87 malicious-content patterns across 13 categories**, MITRE ATT\u0026CK-mapped, derived from observed trojanised skills (the ClawHavoc campaign and the `moltbook-ay` trojan).\n- **Sixteen prompt-injection detection patterns**, covering instruction override, persona hijacking, stealth commands, exfiltration directives, and LLM control-token injection.\n- **Multi-file scanning** across `.md`, `.sh`, `.py`, `.js`, `.ts`, `.yaml`, `.yml`, `.json`. Many trojanised skills hid the payload outside `SKILL.md`.\n- **Strict mode** (`make scan-strict`) blocks `HIGH`-severity findings in addition to `CRITICAL`. Defends against credential theft, persistence, and container-escape patterns that fall short of `CRITICAL` thresholds.\n- **Post-install quarantine** — when `ALLOW_INSTALL=1` is used, the scanner re-runs on newly installed skills; failures are quarantined.\n- **Suppression audit** — `.scanignore` ranges greater than 50 lines are rejected, preventing blanket suppression of large file regions.\n- **Behavioural assertions** — 168+ assertions enforce structural and content consistency across all included skills.\n- **Mandatory test gate** — every skill must have a test file before it can be published.\n- **Gated publishing** — `make publish` will not run unless lint, scan, and test all pass.\n- **SARIF output** — `make scan-sarif` produces SARIF 2.1.0 for GitHub code-scanning integration.\n- **Zero-trust line verifier** — `make verify-all` classifies every line in every file. A single unrecognised line quarantines the entire skill. Detects novel attacks the static blocklist does not cover.\n- **Trend tracking** — `make stats-trend` and `make stats-rank` report adoption metrics over time.\n\n`make report` produces a concrete summary of the gates exercised by the pipeline.\n\n---\n\n## Operator commands\n\n```bash\nmake verify                              # 12-point workbench health check\nmake report                              # Pipeline summary\nmake scan-strict                         # Scan with HIGH-severity blocking\nmake verify-all                          # Zero-trust verify all skills\nmake verify-skill SKILL=docker-sandbox   # Verify a single skill\nmake verify-report SKILL=docker-sandbox  # Per-line verdict report\nmake test-tools                          # Tool behavioural tests\nmake check-all                           # Full pipeline + self-test + tool tests\nmake explore                             # Top 20 skills on ClawHub by downloads\nmake explore QUERY=\"docker\"              # Semantic search\nmake explore SORT=trending               # Currently trending\nmake stats                               # Adoption metrics for the included skills\nmake stats-trend                         # Growth deltas vs previous snapshots\nmake stats-rank                          # Included skills ranked against ClawHub top 50\n```\n\n---\n\n## Limitations\n\nThe toolchain is transparent about what it cannot provide:\n\n- **Installer identity** — the ClawHub API does not expose installer identities or per-user usage data. Download counts are the best signal.\n- **Bot-versus-human attribution** — there is no way to distinguish human installs from automated agent installs.\n- **No web dashboard** — this is a CLI-first toolchain; terminal output and machine-readable summaries are the supported interfaces.\n- **No dependency resolution** — ClawHub treats skills as standalone; no automatic dependency installation.\n- **No automatic version bumping** — version is always an explicit `VERSION=x.y.z` parameter, requiring deliberate operator action.\n\n---\n\n## Quick start\n\n### Dev container (recommended)\n\nOpen this repository in VS Code with the [Dev Containers extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers). The dev container installs Node.js, Python, `molthub`, and required dependencies automatically.\n\n### Local\n\nRequirements: bash, git, python3 (for YAML and JSON validation). Optional: `molthub` (`npm install -g molthub`).\n\n```bash\nmake help                                # All available commands\nmake new SKILL=my-tool                   # Scaffold a skill from template\nmake lint                                # Lint all skills\nmake scan                                # Security-scan all skills\nmake test                                # Run behavioural tests\nmake check                               # Full pipeline: lint + scan + test\n```\n\n---\n\n## Pipeline stages\n\n### Linter (`make lint`)\n\nVerifies skill quality. Checks frontmatter completeness (`name`, `description`, `metadata`; valid slug; description length; valid JSON metadata), structural elements (H1 title, `## When to Use`, `## Tips`), content quality (line count between 150 and 700, ≥8 code blocks, language tags on fences, absence of `TODO`/`FIXME`/`XXX` placeholders), and metadata consistency (every binary in `requires.anyBins` referenced in the body).\n\n### Scanner (`make scan`)\n\nOffline. Network access is not required at scan time. Operates on the entire skill directory, not just `SKILL.md`. Pattern catalogue:\n\n| Category | Severity | Coverage |\n|----------|----------|----------|\n| C2 / download | CRITICAL | curl, wget, fetch to external URLs |\n| Archive execution | CRITICAL | Password-protected ZIP / 7z extraction |\n| Exec download | CRITICAL | chmod-then-execute, `bash -c` with curl, eval with subshell |\n| Credential access | HIGH | `.env`, `.ssh` keys, AWS/Kubernetes credentials, `/proc/environ`, PEM files |\n| Data exfiltration | CRITICAL | `curl POST`, netcat, DNS exfiltration, `scp`, `git push`, FTP to literal IPs |\n| Obfuscation | HIGH | Base64/hex-decode-to-shell, Python/Perl/Ruby `eval`, OpenSSL decrypt |\n| Persistence | HIGH | crontab, `~/.bashrc`/`.profile`/`.zshrc`/fish, `at now`, `launchctl` |\n| Privilege escalation | MEDIUM–HIGH | `sudo chmod 777`, setuid, `sudo su`, `nsenter` |\n| Container escape | HIGH | `--privileged`, `SYS_ADMIN`, host-mount, docker.sock, `sysrq` |\n| Supply chain | MEDIUM | Unsafe `npm install`, `pip --pre`, registry hijack |\n| Environment injection | MEDIUM | `LD_PRELOAD`, PATH manipulation, `env -i` |\n| Resource abuse | HIGH | Fork bomb, infinite loop with network |\n| Prompt injection | HIGH–CRITICAL | Override attempts, persona hijacking, stealth instructions, exfiltration directives, LLM control-token injection |\n\nOutput modes:\n\n| Command | Output |\n|---------|--------|\n| `make scan` | Coloured terminal output |\n| `make scan-summary` | One line per skill |\n| `make scan-json` | Structured JSON |\n| `make scan-sarif` | SARIF 2.1.0 for GitHub code scanning |\n| `make scan-strict` | HIGH severity blocks in addition to CRITICAL |\n| `make self-test` | Validates the scanner against known-bad and known-clean fixtures |\n\nSkills that legitimately reference malicious patterns (e.g. `security-audit`) may use inline `\u003c!-- scan:ignore --\u003e` markers or a `.scanignore` file. Suppressions are audited; ranges greater than 50 lines are rejected.\n\n### Zero-trust verifier (`make verify-skill SKILL=name`)\n\nThe scanner uses a blocklist (search for known-bad, allow everything else). The verifier inverts this: every line in every file must classify as `SAFE`, otherwise the entire skill is quarantined. No partial passes; no thresholds.\n\n| Verdict | Meaning |\n|---|---|\n| `SAFE` | Matches a known-safe pattern (structural Markdown, prose under 500 characters, code inside fenced blocks, frontmatter fields) |\n| `SUSPICIOUS` | Does not match any safe pattern (possible obfuscation, unknown encoding, excessively long content) |\n| `MALICIOUS` | Triggers the 87-pattern blocklist |\n\nA skill is released from quarantine only if it has zero malicious lines and zero suspicious lines.\n\n**Two-stage post-install defence:** newly installed skills pass through `skill-scan.sh --strict` (blocklist, fast) and then `skill-verify.sh --strict` (allowlist, thorough). Both must pass.\n\n**Trust manifests:** included skills can carry `.trust` files containing SHA-256 content hashes, allowing them to skip verification when unchanged. External skills do not carry trust manifests.\n\n### Test framework (`make test`)\n\nBehavioural assertions for skills, equivalent in role to a unit-test framework for `SKILL.md` files:\n\n```bash\nassert_section_exists \"$SKILL\" \"When to Use\"\nassert_contains \"$SKILL\" \"docker\\s+(run|build|exec)\"\nassert_not_contains \"$SKILL\" \"(TODO|FIXME|XXX)\"\nassert_min_code_blocks \"$SKILL\" 8\nassert_frontmatter_field \"$SKILL\" \"name\" \"^docker-sandbox$\"\n```\n\nTests live at `tests/\u003cskill-name\u003e.test.sh` with `test_*` functions. The runner discovers and executes them automatically.\n\n### Publisher (`make publish`)\n\nGated pipeline. Lint, scan, and test must all pass before `molthub publish` is invoked.\n\n```bash\nmake publish SKILL=my-tool VERSION=1.0.0\n```\n\n---\n\n## Containerised deployment\n\nIn production, the toolchain runs inside the `vault-forge` container of the OpenTrApp five-container perimeter. All untrusted content (downloaded skills) is processed inside the container and never reaches the host filesystem.\n\n- The `Containerfile` in this repository's root defines the image (~233 MB, `python:3.10-slim` plus the bash toolchain).\n- `vault-forge` is one of four services in `compose.yml` at the opentrapp root.\n- It runs on `forge-net`, an internal network. It can reach `vault-proxy` for outbound HTTPS but cannot reach `vault-agent` or `vault-pioneer` directly.\n- Certified skills are delivered to the agent through the `forge-deliveries` shared volume, which is writable in `vault-forge` and read-only in `vault-agent`.\n- Non-root user, capabilities dropped, 1 GB memory limit, custom seccomp profile.\n\nThe CLI/Makefile usage documented above remains the supported interface for development. The `Containerfile` copies this repository into the image and runs the same bash toolchain.\n\n---\n\n## Included skills\n\nTwenty-five reference skills, all passing the full pipeline:\n\n| Skill | Install | Description |\n|---|---|---|\n| [api-dev](skills/api-dev/SKILL.md) | `molthub install api-dev` | curl testing, bash and Python test runners, OpenAPI-spec generation, mock servers, Express scaffolding |\n| [cicd-pipeline](skills/cicd-pipeline/SKILL.md) | `molthub install cicd-pipeline` | GitHub Actions for Node, Python, Go, Rust; matrix builds, caching, Docker build-and-push, secrets management |\n| [coding-agent](skills/coding-agent/SKILL.md) | `molthub install coding-agent` | Reference patterns for an autonomous coding-agent system prompt and toolset |\n| [container-debug](skills/container-debug/SKILL.md) | `molthub install container-debug` | Container logs, exec, networking diagnostics, resource inspection, multi-stage build debugging, health checks, Compose |\n| [cron-scheduling](skills/cron-scheduling/SKILL.md) | `molthub install cron-scheduling` | Cron syntax, systemd timers, one-off jobs, timezone and DST handling, monitoring, locking, idempotent patterns |\n| [csv-pipeline](skills/csv-pipeline/SKILL.md) | `molthub install csv-pipeline` | CSV/JSON/TSV processing — filter, join, aggregate, deduplicate, validate, convert |\n| [data-validation](skills/data-validation/SKILL.md) | `molthub install data-validation` | JSON Schema, Zod, Pydantic, CSV and JSON integrity checks, migration validation |\n| [dns-networking](skills/dns-networking/SKILL.md) | `molthub install dns-networking` | DNS debugging (`dig`, `nslookup`), port testing, firewall rules, curl diagnostics, proxy configuration, certificates |\n| [docker-sandbox](skills/docker-sandbox/SKILL.md) | `molthub install docker-sandbox` | Container sandbox VM management, network proxy, workspace mounting, troubleshooting |\n| [emergency-rescue](skills/emergency-rescue/SKILL.md) | `molthub install emergency-rescue` | Recovery procedures: git disasters, credential leaks, disk full, OOM kills, database failures, deploy rollback, SSH lockout, network outage |\n| [encoding-formats](skills/encoding-formats/SKILL.md) | `molthub install encoding-formats` | Base64, URL encoding, hex, Unicode, JWT decoding, hashing, serialization-format conversion |\n| [git-workflows](skills/git-workflows/SKILL.md) | `molthub install git-workflows` | Interactive rebase, bisect, worktree, reflog recovery, cherry-pick, subtree/submodule, sparse checkout, conflict resolution |\n| [infra-as-code](skills/infra-as-code/SKILL.md) | `molthub install infra-as-code` | Terraform, CloudFormation, Pulumi — VPC, compute, storage, state management, multi-environment patterns |\n| [log-analyzer](skills/log-analyzer/SKILL.md) | `molthub install log-analyzer` | Log parsing, error patterns, stack-trace extraction, structured logging, real-time monitoring, correlation |\n| [makefile-build](skills/makefile-build/SKILL.md) | `molthub install makefile-build` | Make targets, pattern rules, language-specific Makefiles, modern alternatives (Just, Task) |\n| [perf-profiler](skills/perf-profiler/SKILL.md) | `molthub install perf-profiler` | CPU and memory profiling, flame graphs, benchmarking, load testing, leak detection, query optimisation |\n| [regex-patterns](skills/regex-patterns/SKILL.md) | `molthub install regex-patterns` | Validation patterns, parsing, extraction across JS/Python/Go/grep, search-and-replace, lookahead/lookbehind |\n| [security-audit](skills/security-audit/SKILL.md) | `molthub install security-audit-toolkit` | Dependency scanning, secret detection, OWASP patterns, SSL/TLS verification, file permissions, audit scripts |\n| [shell-scripting](skills/shell-scripting/SKILL.md) | `molthub install shell-scripting` | Argument parsing, error handling, trap and cleanup, temp files, parallel execution, portability, config parsing |\n| [skill-reviewer](skills/skill-reviewer/SKILL.md) | `molthub install skill-reviewer` | Quality audit framework — rubric, defect checklists, structural/content/actionability review |\n| [skill-search-optimizer](skills/skill-search-optimizer/SKILL.md) | `molthub install skill-search-optimizer` | Registry discoverability — semantic-search mechanics, description optimisation, visibility testing |\n| [skill-writer](skills/skill-writer/SKILL.md) | `molthub install skill-writer` | `SKILL.md` authoring guide — format spec, frontmatter schema, content patterns, templates |\n| [sql-toolkit](skills/sql-toolkit/SKILL.md) | `molthub install sql-toolkit` | SQLite, PostgreSQL, MySQL — schema design, queries, CTEs, window functions, migrations, EXPLAIN, indexing |\n| [ssh-tunnel](skills/ssh-tunnel/SKILL.md) | `molthub install ssh-tunnel` | Local/remote/dynamic port forwarding, jump hosts, SSH config, key management, scp/rsync, debugging |\n| [test-patterns](skills/test-patterns/SKILL.md) | `molthub install test-patterns` | Jest/Vitest, pytest, Go, Rust, bash — unit tests, mocking, fixtures, coverage, TDD, integration testing |\n\n---\n\n\u003cdetails\u003e\n\u003csummary\u003e\u003cstrong\u003eResearch and threat-landscape findings\u003c/strong\u003e\u003c/summary\u003e\n\nThe toolchain's design was informed by ecosystem analysis. The following research artifacts are preserved in `docs/`:\n\n- **Trojanised skill discovery** — the `moltbook-ay` skill contained instructions to download and execute malware via password-protected archives. Classic social engineering adapted for autonomous agents. No code was executed; the `molthub install` process was [verified from source](docs/journey.md#phase-11-security-audit) to be download-extract-write only.\n- **ClawHub platform analysis** — API reverse-engineering, registry discovery protocol, skill format schema, publishing flow, semantic-search mechanics, and registry statistics. Full report: [`docs/research/clawdhub-platform-report.md`](docs/research/clawdhub-platform-report.md).\n- **Security compilation** — Willison's \"lethal trifecta\" framework, CVE-2026-25253 (one-click RCE), the ClawHavoc supply-chain campaign (341 malicious skills), the Moltbook database breach, and 21,639 publicly-exposed instances. Full analysis: [`docs/research/security-report.md`](docs/research/security-report.md).\n- **End-to-end narrative** — From package vetting to twenty-five published skills, ecosystem retraction, and lessons learned: [`docs/journey.md`](docs/journey.md).\n\n\u003c/details\u003e\n\n---\n\n## Repository structure\n\n```\nopenskill-forge/\n├── Makefile                       single entry point for all commands (~35 targets)\n├── component.yml                  OpenTrApp manifest contract\n├── Containerfile                  vault-forge container image\n├── skills/                        25 reference skills\n├── tools/\n│   ├── lib/\n│   │   ├── common.sh              colours, logging, skill discovery\n│   │   ├── frontmatter.sh         YAML frontmatter parser and validator\n│   │   ├── patterns.sh            87 malicious-content patterns\n│   │   ├── line-classifier.sh     SAFE / SUSPICIOUS / MALICIOUS classifier\n│   │   ├── trust-manifest.sh      `.trust` file generation and SHA-256 validation\n│   │   └── sarif_formatter.py     SARIF 2.1.0 output formatter\n│   ├── skill-lint.sh              linter\n│   ├── skill-scan.sh              static scanner\n│   ├── skill-verify.sh            zero-trust line verifier\n│   ├── skill-test.sh              test runner\n│   ├── skill-new.sh               scaffolder\n│   ├── skill-publish.sh           gated publisher\n│   ├── skill-stats.sh             adoption metrics\n│   ├── registry-explore.sh        registry browsing\n│   ├── workbench-verify.sh        12-point health check\n│   └── pipeline-report.sh         pipeline summary\n├── templates/                     skill templates\n├── tests/\n│   ├── _framework/                test runner and assertions\n│   ├── scanner-self-test/         scanner accuracy fixtures\n│   └── *.test.sh                  25 test files\n├── .github/workflows/\n│   └── skill-ci.yml               CI: lint, scan, test on every PR\n└── docs/                          research, setup, journey\n```\n\n## Skill format\n\nEach skill is a `SKILL.md` file with YAML frontmatter that informs an AI agent of when and how to use it:\n\n```yaml\n---\nname: my-skill\ndescription: When to activate this skill\nmetadata: {\"clawdbot\":{\"emoji\":\"...\",\"requires\":{\"anyBins\":[\"tool1\",\"tool2\"]}}}\n---\n\n# Skill Title\n\nReference material, patterns, commands, and examples that the agent\nfollows to perform the task.\n```\n\nSkills install via `molthub install \u003cslug\u003e` and are placed at `./skills/\u003cslug\u003e/`; the agent loads them on demand.\n\n---\n\n## Companion repositories\n\n- [`opencli-container`](https://github.com/albertdobmeyer/opencli-container) — runtime containment for the OpenClaw agent. Hardened container, proxy-side API-key injection, domain allowlist, three-level kill switch, 24-point security verification.\n- [`openagent-social`](https://github.com/albertdobmeyer/openagent-social) — analysis of the Moltbook AI-agent social network. **Parked since 2026-05-03** following Meta's acquisition of Moltbook on 2026-03-10 and the resulting API instability.\n\n## License\n\nSkills are published to ClawHub under the registry's terms. Source files in this repository are licensed under [MIT](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falbertdobmeyer%2Fopenskill-forge","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falbertdobmeyer%2Fopenskill-forge","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falbertdobmeyer%2Fopenskill-forge/lists"}