UseClaw Publish

v1.0.0

Publish content to UseClaw as a regular user via the `useclaw` CLI. Use when the user wants to set up their UseClaw token, publish a tutorial/guide/case/skil...

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description: publish content to UseClaw. SKILL.md and skill.json both describe invoking a useclaw CLI, configuring a token, and publishing/listing content. The credential storage path (~/.config/useclaw/credentials.json) and CLI commands match the stated purpose. No unrelated services, binaries, or env vars are requested.
Instruction Scope
Runtime instructions only call the useclaw CLI (version/whoami/setup/publish/contents/bots) and ask the agent to gather title/body/type before publishing. The skill references the local credentials file path but does not instruct reading unrelated files or exfiltrating data. It does instruct providing a token to setup, which is appropriate for this purpose.
!
Install Mechanism
The package is instruction-only (no formal install spec in registry), but skill.json contains a cli.download command that curls a shell script from https://useclaw.net/cli/useclaw-cli.sh into ~/.local/bin/useclaw and makes it executable. Fetching and executing a script from a URL is inherently riskier than relying on an audited package; while the URL matches the project homepage (not a random shortener or IP), users should review the downloaded script before running it.
Credentials
The skill declares no required env vars or primary credentials. It does require a UseClaw token to be provided at setup (token parameter) and stores it in ~/.config/useclaw/credentials.json — this is proportional for a publishing CLI. No unrelated credentials or excessive environment access are requested.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. If the CLI is installed (per cli.download), it will place a binary at ~/.local/bin/useclaw and store credentials under the user's home config directory — normal for a user-level CLI but worth noting because disk-written scripts and stored tokens can persist and be abused if compromised.
Assessment
This skill appears to do what it says: it will call a UseClaw CLI to set a token and publish/list content. Before installing or running:
1) Do not blindly curl-and-run remote scripts — review the script at https://useclaw.net/cli/useclaw-cli.sh (or prefer an official release/binary) before making it executable.
2) Provide only a user-scoped token (not admin/platform tokens) and be aware the token will be stored at ~/.config/useclaw/credentials.json.
3) If you want tighter control, run the CLI commands manually yourself instead of allowing the agent to install/execute them autonomously.
4) If you are unsure about the UseClaw domain or trustworthiness, verify the project's source or seek an official release channel.

Like a lobster shell, security has layers — review code before you run it.

