Bypass and unauthorized access
Auth bypass, account takeover, CAPTCHA bypass, Cloudflare or anti-bot evasion, rate-limit bypass, reusable session theft, live call or agent takeover.
What ClawHub Will Not Host
ClawHub is for useful agent tooling, not abuse workflows. If a skill is built to evade defenses, abuse platforms, scam people, invade privacy, or enable non-consensual behavior, it does not belong here.
We moderate based on end-to-end abuse patterns, not just isolated keywords.
Platform abuse and ban evasion
Stealth accounts after bans, account warming/farming, fake engagement, multi-account automation, spam posting, marketplace or social automation built to avoid detection.
Fraud and deception
Fake certificates, fake invoices, deceptive payment flows, fake social proof, scam outreach, or synthetic-identity workflows built to create accounts for fraud.
Privacy-invasive surveillance
Mass contact scraping for spam, doxxing, stalking, covert monitoring, biometric / face-matching workflows without clear consent, or buying, publishing, downloading, or operationalizing leaked data or breach dumps.
Non-consensual impersonation
Face swap, digital twins, cloned influencers, fake personas, or other identity manipulation used to impersonate or mislead.
Explicit sexual content
NSFW image, video, or text generation, especially wrappers around third-party APIs with safety checks disabled.
Hidden or misleading execution
Obfuscated install commands, `curl | sh`, undeclared secret requirements, undeclared private-key use, or remote `npx @latest` execution without reviewability.
Recent patterns we are explicitly not okay with
Create stealth seller accounts after marketplace bans.
Modify Telegram pairing so unapproved users automatically receive pairing codes.
Cultivate Reddit or Twitter accounts with undetectable automation.
Generate professional certificates or invoices for arbitrary use.
Generate NSFW content with safety checks disabled.
Scrape leads, enrich contacts, and launch cold outreach at scale.
Buy, publish, or download leaked data or breach dumps.
Bulk-create email or social accounts with synthetic identities or CAPTCHA solving.
Enforcement
We may hide, remove, or hard-delete violating skills.
We may revoke tokens, soft-delete associated content, and ban repeat or severe offenders.
We do not guarantee warning-first enforcement for obvious abuse.