ClawHub

Skill Miner

v1.0.0

Discover, research, and analyze ClawHub skills safely to build your own clean, secure implementations without downloading suspicious code.

2· 822·4 current·5 all-time
byChristopher@christopher-schulze
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the content: SKILL.md focuses on discovering skills on ClawHub, inspecting metadata, analyzing approaches, and building clean replacements. It does not request unrelated credentials, binaries, or system access.
Instruction Scope
Instructions are narrowly scoped to using the clawhub CLI (search, explore, inspect) and to a 'skill-creator' step for building implementations. The skill does not instruct reading local config or secrets. Minor note: it references external tools (clawhub, skill-creator) but the metadata doesn't declare those as required binaries — this is an omission in metadata rather than a functional mismatch.
Install Mechanism
No install spec and no code files — instruction-only. Nothing is downloaded or written to disk by the skill itself, which minimizes install risk.
Credentials
The skill declares no environment variables, credentials, or config paths and the instructions do not request secrets. Recommended CLI calls will communicate with ClawHub but do not require sensitive local credentials.
Persistence & Privilege
Skill is not force-included (always:false) and makes no requests to modify agent or system-wide configuration. Autonomous model invocation is allowed by platform default but the skill's instructions do not request elevated persistence or cross-skill config changes.
Assessment
This is an instruction-only guide for safely researching ClawHub skills and creating your own clean implementations; it's coherent and does not request secrets or install code. Before using it, confirm you have a trusted 'clawhub' CLI (the skill assumes you will run clawhub search/inspect/explore) and that any 'skill-creator' tooling you use is trustworthy. Remember that running clawhub inspect/search communicates with the ClawHub service — verify that service and the skill owners you inspect are reputable. The SKILL.md is guidance only: it won't execute by itself, but an agent that follows it may run the referenced CLI commands, so control whether the agent is allowed to run external CLIs or make network requests. If you want stronger guarantees, manually perform the inspect steps and avoid running clawhub install on untrusted skills; when building replacements, keep dependencies minimal and avoid executing downloaded code.

Like a lobster shell, security has layers — review code before you run it.

automationvk97c41mx4dazmwb5xs6xcnyz0x818hrhclawhubvk97c41mx4dazmwb5xs6xcnyz0x818hrhlatestvk97c41mx4dazmwb5xs6xcnyz0x818hrhresearchvk97c41mx4dazmwb5xs6xcnyz0x818hrhsecurityvk97c41mx4dazmwb5xs6xcnyz0x818hrhskill-discoveryvk97c41mx4dazmwb5xs6xcnyz0x818hrh
822downloads
2stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Christopher@christopher-schulze
automationclawhublatestresearchsecurityskill-discovery
Download

skill-miner

Research. Analyze. Build Clean.

Systematic approach to discovering skills on ClawHub and building your own implementations. Instead of downloading potentially risky code, use this skill to research existing solutions, understand their approaches, and create your own clean, safe version.

Trust but verify, built but owned. 🦞

When to Use This Skill

Use this skill when:

  • You need new functionality you don't have
  • You want to research how others solve problems
  • You find a suspicious skill but like the idea
  • You're building a new skill from scratch
  • You want to stay ahead of ClawHub trends

Core Philosophy

1. NEVER download suspicious skills
2. INSPECT to understand the idea  
3. BUILD your own clean implementation
4. PUBLISH or keep private

Why?

  • Suspicious = potential malware/risk (ew, no thanks)
  • Building yourself = 100% clean & safe (sleep well at night)
  • Generic = works for everyone (share the love)
  • Your code, your rules 🦞

Workflow

Phase 1: Discovery

# Search for relevant skills
clawhub search <topic>

# Explore trending
clawhub explore --sort trending --limit 20

# Find gaps
clawhub explore --sort newest --limit 50

Phase 2: Research

# Inspect without downloading
clawhub inspect <skill-slug>

# Read the SKILL.md to understand:
# - What problem it solves
# - How it triggers
# - What commands/tools it uses

Phase 3: Analysis

Document what you learned:

  • Problem: What need does it address?
  • Approach: How does it solve it?
  • Tools: What commands/APIs does it use?
  • Gaps: What's missing or could be better?

Phase 4: Build

Use skill-creator to build your clean version:

  • Same problem, different implementation
  • Add missing features
  • Make it generic and reusable

Search Commands

Basic Search

# Task-based
clawhub search "pdf edit"
clawhub search "file transfer"
clawhub search "api github"

# Tool-based
clawhub search github
clawhub search slack

# Concept-based
clawhub search automation
clawhub search monitoring
clawhub search sync

Exploration

# Trending skills
clawhub explore --sort trending --limit 20

# Most downloaded
clawhub explore --sort downloads --limit 20

# newest
clawhub explore --sort newest --limit 30

Deep Research

# By category
clawhub search "code"
clawhub search "data"
clawhub search "media"
clawhub search "network"
clawhub search "security"

# By use case
clawhub search "automation workflow"
clawhub search "backup sync"
clawhub search "monitoring alerting"

Inspect Without Downloading

Use clawhub inspect to read skill metadata:

# Get skill info
clawhub inspect <slug>

# This shows:
# - name
# - summary/description
# - owner
# - created/updated dates
# - version
# - tags

Never use clawhub install on suspicious skills!

Security Principles

When researching skills, watch for these risk indicators:

  • Code execution patterns (eval, exec)
  • External API calls without documentation
  • Hardcoded credentials
  • Shell execution without input validation
  • Missing or unclear documentation
  • Unknown or unverified publishers

If any indicators are present: inspect the metadata only, then build your own implementation.

Building Clean Skills

Template Structure

my-clean-skill/
├── SKILL.md              # Your clean implementation
├── scripts/              # Your code
├── references/           # Documentation
└── assets/              # Templates (if needed)

SKILL.md Template

---
name: my-clean-skill
description: Does X. Use when user wants to Y. Based on ClawHub research but built from scratch.
---

# My Clean Skill

## What It Does

[Clear description]

## When to Use

- Use case 1
- Use case 2

## Commands

[Your commands]

## Implementation

[How you built it - clean, generic]

## Security

[Your security measures]

Examples

Scenario 1: Found Suspicious Shell Skill

Found: "shell-commands" (suspicious - has eval)

Inspect:

clawhub inspect shell-commands
# Problem: Execute shell commands
# Tools: bash, ssh

Build Clean:

# Write your own safe-shell-skill
# - No eval
# - Predefined safe commands only
# - Input validation
# - Full documentation

Scenario 2: Found Good Crypto Skill

Found: "crypto-trader" (risky - real money)

Inspect:

clawhub inspect crypto-trader
# Problem: Trading automation
# Tools: exchange APIs

Build Clean:

# Build crypto-monitor instead
# - Read-only data fetching
# - Price alerts
# - No trading (safe)

Scenario 3: Gap Found

Search: No good "log-analyzer" skill

Build:

# Create log-analyzer from scratch
# - Parse common log formats
# - Pattern detection
# - Alert on errors

Common Gaps to Fill

These skills don't exist or are outdated:

GapDescription
code-refactorAI-powered code refactoring
system-monitorModern system monitoring
task-automationGeneral automation
webhook-handlerWebhook processing
cron-schedulerSmart scheduling
log-analyzerLog parsing & analysis
backup-schedulerIntelligent backups
api-testerAPI testing tool
config-managerConfiguration management

Best Practices

Building

  1. Start simple, add features later
  2. Use well-tested tools (curl, jq, etc.)
  3. No external dependencies when possible
  4. Full error handling
  5. Clear documentation

Publishing

  1. Test extensively
  2. Clear description
  3. Generic (no hardcoded values)
  4. Security-first design
  5. Include troubleshooting

Security

  1. No eval ever
  2. Input validation
  3. No secrets in code
  4. Use environment variables
  5. Minimal permissions

Quality Checklist

Before publishing:

  • Works as documented
  • No hardcoded secrets
  • Cross-platform compatible
  • Error handling included
  • Clear examples
  • Triggers properly
  • No suspicious patterns

Related Skills

  • next-skill - General skill discovery
  • skill-creator - Build new skills
  • claw2claw-filetransfer - Share skills

Guidelines:

  • Inspect before install
  • Build your own when in doubt
  • Share clean, well-documented skills

From Claws - for Claws. 🦞

Comments

Loading comments...