GitHub → ClawHub One-Click Conversion and Publishing
Verdict: Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its GitHub-to-ClawHub publishing purpose, but it can publish to your account and includes risky instructions to patch the installed CLI and schedule future retries without clear approval controls.
Use this skill only if you are comfortable letting the agent create and publish a ClawHub skill for you. Review the generated SKILL.md, metadata, and any bundled files before publication; do not allow automatic CLI patching or scheduled retries unless you explicitly approve them and understand the impact.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A generated skill could be published to the user's ClawHub account before the user reviews the final SKILL.md, metadata, tags, or bundled files.
The skill can use the user's token to publish a generated skill and explicitly says not to require step-by-step confirmation in quick mode.
CLAWHUB_TOKEN={token} \
clawhub publish {SKILL_DIR} ...
Quick mode... run straight through from Step 1 to the end and report the result when done, **no step-by-step confirmation required**.
Require explicit user approval of the final generated SKILL.md, slug, name, tags, and files before running the publish command.
This can alter the local ClawHub CLI for future runs, break the installation, or accept terms without the user's explicit review.
The instructions modify an installed CLI JavaScript file under /usr/local/lib and force an acceptLicenseTerms field, changing global tool behavior outside the generated skill directory.
PUBLISH_JS=$(find /usr/local/lib -name "publish.js" -path "*/clawhub/*" | head -1)
grep -q "acceptLicenseTerms" "$PUBLISH_JS" || \
  sed -i 's/skillName:/acceptLicenseTerms: true, skillName:/' "$PUBLISH_JS"
Do not patch installed CLI files automatically. Ask the user to update the official CLI or approve any local patch after explaining the exact change and impact.
A publish attempt could happen later in the background after the user has stopped actively supervising the workflow.
The skill suggests creating a delayed retry task for publishing, but does not specify user approval, token handling, cancellation, or one-shot limits.
`rate limit exceeded` | Limit of 5 new skills per hour | Use qqbot-cron to create a retry task 65 minutes later
Only schedule retries after explicit user confirmation, make them one-shot, show how to cancel them, and avoid storing or reusing tokens longer than needed.
The token gives the agent authority to publish under the user's account, so misuse or accidental reuse could affect the user's ClawHub presence.
The skill requires a ClawHub API token to publish. This is expected for the stated purpose, but it is not reflected in the registry credential declarations.
| **clawhub token** | Format: `clh_xxx`, obtained from clawhub.com → Profile → API Keys | If the user has not yet provided a token, **ask for the token first, then continue**.
Use the least-privileged token available, provide it only in a trusted session, and revoke or rotate it after use if possible.
Unreviewed or changing upstream project content could be packaged into a public skill, potentially spreading unsafe instructions or files.
The workflow uses content from an arbitrary GitHub repository and may include upstream scripts or config files in the published skill.
web_fetch https://raw.githubusercontent.com/{owner}/{repo}/main/README.md
...
If the original project has useful scripts or config files that should ship with the skill, place them in this directory as well.
Review upstream files before bundling, prefer pinned commits over the moving main branch, and publish only files whose purpose and license are understood.
