Skill: publish-skill

Convert a personal agent skill into a clean, distributable, open-source-ready skill package. This skill walks through a 7-phase pipeline that audits for personally identifiable information, generalizes language and role assumptions, verifies license compatibility, checks cross-platform adapter needs, and prepares the final package for commit.

Communication Rules

• Communicate with the user in their preferred language
• Use English for technical terms (PII, MIT, CC BY, GPL, YAML frontmatter)
• Present audit findings in structured tables

Phase 0: Init and Identify Source

Required Inputs

Collect from the user:

1. Source skill path: directory containing the personal skill (e.g., ~/.claude/skills/my-skill/ or ~/.agents/skills/my-skill/)
2. Target package path: directory of the distributable package (e.g., ~/workspace/<your-package>/)
3. Target license: license of the package (default: MIT)

Actions

1. Read SKILL.md from the source skill directory
2. Inventory all files recursively (ls -R)
3. Classify skill type:
   • Standalone: self-contained skill with no agent delegation
   • Orchestrator: delegates to sub-agents (NOT suitable for distribution without refactoring)
   • Wrapper: thin wrapper around another tool/API
4. Present inventory table to the user:

| File | Lines | Type | Notes |
|------|-------|------|-------|

Gate: User confirms source skill and target package before proceeding.

Phase 1: Originality Check

Verify the skill is original work suitable for open-source distribution.

Checks

1. External source: Is this skill adapted from another package or author? Check for attribution headers, license blocks, or "based on" comments.
2. Third-party content: Do any files in references/ come from external sources (published guidelines, textbooks, standards bodies)?
3. Competitive sensitivity: Does the skill reveal proprietary business logic or competitive advantage that should remain private?

Decision Matrix

Phase 2: PII De-identification Audit

Zero tolerance: the skill must have exactly 0 PII matches before proceeding.

Pre-scan Setup

Before running, ask the user for everything that should also count as a PII hit but is unique to them:

• Their name(s) in all languages and romanizations (a placeholder shape: <First Last>|<native-script name>)
• Their institutional affiliation(s) (a placeholder shape: <Institution>|<Hospital>)
• Any collaborator surnames that may appear in drafts or filenames

Combine the inputs into a single grep -E alternation pattern (pipe-separated).

Automated Scan

Run the bundled audit script. The first argument is the skill directory; the second is the user-specific alternation pattern from Pre-scan Setup.

bash ${CLAUDE_SKILL_DIR}/scripts/audit_skill.sh <source_skill_path> \
    "<First Last>|<native-script name>|<Institution>|<Hospital>"

The script runs nine categories that mirror the medsci-skills monorepo linter (scripts/validate_skills.sh):

1. Hardcoded paths (/Users/<name>/, /home/<name>/, ~/Documents, ~/Desktop, ~/Downloads, ~/Projects)
2. Email addresses (any address-shaped string)
3. IP addresses / internal URLs (*.internal, *.local, *.corp)
4. Institutional references (SNUH / AMC / SMC / KAIST / SNU / ASAN / MGH / Mayo Clinic / Johns Hopkins / Samsung Medical / Severance / Asan Medical)
5. Academic roles with names (professor <Surname>, Prof. <Surname>, Dr. <Surname>, PGY[0-9], <한글이름> 교수님)
6. Language hardcoding ("in Korean", "한국어로", "in Japanese", "in Chinese")
7. Location specifics (Seoul / Busan / Daegu / Tokyo / Beijing / Shanghai / Boston / Stanford and Korean variants)
8. Blockquote dated precedent (> YYYY-MM-DD ... lines that reveal an internal review timeline)
9. Author-style filenames (<Surname>{Year}_* pattern, e.g., <Surname>2025_<Journal>_Fig01.png; allow-list excludes generic tokens like Issue2024_, Sample2025_)
10. Binary EXIF metadata (DOCX / PPTX / XLSX / PDF / PNG / JPG / TIFF — scanned via exiftool when installed; skipped silently otherwise with an install hint)

False-positive guard: text scans use grep --binary-files=without-match so byte-stream collisions inside .pyc, .png, or .docx files do not trigger findings. __pycache__/ is also explicitly skipped.

Cross-validation

For categories the script flags, also manually verify with the Grep tool against ${CLAUDE_SKILL_DIR}/references/pii-patterns.md. Pay particular attention to:

• Names not in the EXTRA_PATTERNS argument (e.g., a co-author who appeared only in one early draft)
• Domain-specific institutional acronyms (your institution may not be in the default list)
• Project-specific identifiers like CK-NN, MA-NN, dated cohort names

Output Format

Present all findings in a remediation table:

| # | File:Line | Category | Match | Suggested Fix |
|---|-----------|----------|-------|---------------|

Gate: User reviews all findings. Fix each one. Re-run audit. Proceed only when 0 hits confirmed.

Phase 3: Generalization

Transform personal assumptions into universal defaults.

Language

• Replace: "in Korean" / "한국어로" / "Korean language" → "in the user's preferred language"
• Replace: "communicate in [specific language]" → "Communicate with the user in their preferred language"
• Keep: multilingual trigger keywords in the triggers: field (these aid discovery)

Role

• Replace: "radiology researcher" → "medical researcher" (if the skill is domain-general)
• Replace: "professor" / "fellow" → "researcher" or "user" (context-dependent)
• Keep: domain-specific terms that define the skill's scope (e.g., "diagnostic accuracy" is fine)

Paths

• Replace: hardcoded absolute paths → ${CLAUDE_SKILL_DIR} for bundled reference files
• Replace: ~/Documents/... → user-provided output directory
• Keep: relative paths within the skill directory structure

Environment

• Remove: assumptions about specific OS (macOS, Linux)
• Remove: assumptions about specific editors or IDEs
• Remove: references to personal infrastructure (agents, other personal skills)
• Keep: tool requirements listed in frontmatter tools: field

Interoperability

• Check: does the skill reference other skills by name (e.g., "route to analyze-stats")?
• If referenced skill exists in target package: keep the reference
• If referenced skill does NOT exist in target package: make it optional with fallback instructions

Output

Show a unified diff of all generalization changes for user review.

Phase 4: License Compatibility Check

Verify all bundled files are compatible with the target package license.

Scan Process

For each file in the skill's references/ and scripts/ directories:

1. Check for license headers or declarations within the file
2. Check for LICENSE files in the same directory
3. If the file contains content from a known standard (reporting guidelines, clinical scores, etc.), identify the source and its license

Compatibility Matrix

Reference ${CLAUDE_SKILL_DIR}/references/license-compatibility-matrix.md for the full matrix.

Quick reference for MIT target: