ClawHub Web Only Publish

v1.0.0

Publish skills to ClawHub via web dashboard only. No CLI login, no device flow. Reuse existing browser session.

⭐ 0· 378·0 current·0 all-time

by@dalomeve

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description claim web-only publishing and the SKILL.md contains step-by-step browser upload instructions. No unexpected binaries, env vars, or permissions are requested; required actions align with the stated purpose.

ℹ

Instruction Scope

Instructions are mostly limited to interacting with clawhub.ai via a browser and optionally running `clawhub publish` if an existing CLI token is present. One minor ambiguity: the execution criteria include 'No `clawhub login` in history' which could be interpreted as requiring a check of shell history (a privacy-sensitive action). The SKILL.md does not explicitly instruct reading system files, but the criteria are vague and could encourage agents to inspect local history or config files.

✓

Install Mechanism

Instruction-only skill; no install steps, downloads, or extracted archives. Lowest-risk installation profile.

ℹ

Credentials

The skill declares no environment variables or credentials, which is appropriate for a web-dashboard workflow. However, the fallback relies on an existing CLI token (not declared or explained where it is stored), which is reasonable but under-specified — the SKILL.md does not state where the token lives or how to access it safely.

✓

Persistence & Privilege

No persistent installation, always:false, and no modifications to other skills or system-wide settings are requested.

Assessment

This skill is coherent with its stated purpose (manual web upload to ClawHub). Before using it: 1) Ensure your browser session on https://clawhub.ai is legitimate and not a shared account. 2) Do not upload files containing API keys, tokens, or secrets — the SKILL.md advises scanning but you should confirm manually. 3) Be cautious about the fallback: if you use `clawhub publish` it will rely on an existing CLI token — verify where that token is stored (CLI config or environment) and avoid granting the agent blanket read access to config or shell history. 4) If you want the agent to perform the publish automatically, explicitly limit which local files it may read; otherwise perform the browser steps yourself. If you want greater assurance, ask the skill author to clarify how the CLI token is obtained and to remove or clarify the 'history' verification criterion.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c1wnvs9zgmg65bv6dndgdsn823cg5

378downloads

0stars

1versions

Updated 7h ago

v1.0.0

MIT-0

ClawHub Web-Only Publish

Publish to ClawHub via web dashboard. No CLI login.

Problem

CLI login causes:

Auth loop failures
Token expiration issues
Device flow complexity
Session management overhead

Workflow

1. Prerequisites

Browser already logged in to https://clawhub.ai
Skill folder contains SKILL.md
No secrets in skill files

2. Web Publish Steps

Navigate to https://clawhub.ai/upload
Verify logged in (username visible)
Fill form:
- Slug: skill-name
- Display name: Skill Name
- Version: 1.0.0
Click "Choose folder" -> Select skill directory
Wait for validation (SKILL.md recognized)
(Optional) Add changelog
Click "Publish skill"
Capture result URL

3. Fallback (No CLI Login)

If browser upload fails:

Use existing CLI token (if already authenticated)
Run: clawhub publish <path> --version 1.0.0
Do NOT run clawhub login

Executable Completion Criteria

Criteria	Verification
Skill URL accessible	Navigate to URL, 200 OK
Name matches SKILL.md	Frontmatter name = listing name
Version correct	URL shows v1.0.0
No CLI login used	No `clawhub login` in history