ClawHub Publisher

Review

Audited by ClawScan on May 10, 2026.

Overview

This publishing helper is purpose-aligned, but it asks users to rely on unreviewed external packages and ClawHub API-key authority for broad publishing actions without clear declared scopes or safeguards.

Before installing or using this skill, verify the external package source, pin versions, use a limited ClawHub token, run validation/dry-run first, and manually approve any publish, rollback, README/Gumroad injection, or team-member change.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

You could end up running third-party code that has not been inspected by this review before giving it publishing authority.

Why it was flagged

The skill is instruction-only with no install spec or included implementation, but its documented workflow depends on installing unpinned external packages that were not reviewed here.

Skill content

npm install clawhub-publisher
# or
python -m pip install clawhub-publisher

Recommendation

Verify the npm/PyPI package and repository provenance, pin exact versions, review the package code or lockfile, and prefer official ClawHub publishing tools when possible.

What this means

A token provided to this tool may be able to publish or change skills and possibly manage team access, but the artifact does not clearly define the required scope.

Why it was flagged

The instructions rely on a ClawHub API key, while the provided registry requirements say there are no required environment variables or primary credential; the same documentation shows publish, rollback, and team workflows using this authority.

Skill content

apiKey: process.env.CLAWHUB_API_KEY

Recommendation

Use a least-privilege, revocable ClawHub token; avoid broad account tokens; and ensure the skill metadata declares required credentials and their intended permissions.

What this means

A mistaken path, commit history, or agent decision could publish or modify multiple skills at once.

Why it was flagged

The documented API supports concurrent batch publishing with automatic version and changelog changes, but the artifacts do not specify mandatory confirmation, diff review, or dry-run safeguards before public/account mutations.

Skill content

const results = await publisher.publishBatch({
  skillPaths: skills.map(s => `./skills/${s}`),
  autoBump: true,       // bump each skill's version automatically
  autoChangelog: true,  // generate changelog entries automatically
  parallel: 2           // publish up to two skills concurrently
});

Recommendation

Run validation and dry-run modes first, review generated file changes and changelogs, and require explicit human confirmation before batch publish, rollback, or team-access changes.