Skill v1.0.0
ClawScan security
ClawHub Push Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Mar 11, 2026, 5:31 PM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and external calls are consistent with its stated purpose (publishing skills to the ClawHub registry); no unexplained or unrelated actions were found.
- Guidance: This tool appears to do exactly what it says: it reads your ClawHub token and uploads the files in a skill directory to https://clawhub.ai. Before using it, inspect the directory you plan to push and make sure it does not contain secrets (.env, private keys, credential files). Consider adding patterns like .env, *.pem, credentials.json to the exclusion list or temporarily moving sensitive files out of the directory. For batch pushes, be extra careful: the batch script will push any folder with SKILL.md. Also run it with a test account/token first and ensure your Node runtime is >=18 (the code uses fetch/Blob/FormData). If you need stronger guarantees, review and/or modify EXCLUDE_PATTERNS in push.js to explicitly block files you never want uploaded.
Review Dimensions
- Purpose & Capability
  - ok: Name/description match the implementation: the scripts locate a ClawHub token, parse SKILL.md frontmatter, collect skill files, fix payload fields (acceptLicenseTerms, tags), and POST to https://clawhub.ai/api/v1/skills. No unrelated credentials, services, or binaries are requested.
- Instruction Scope
  - note: The SKILL.md accurately documents runtime behavior. Important caution: the push code reads and uploads all files in the skill directory (with only a small exclusion list: .git, node_modules, .DS_Store, *.log). That is expected for a publisher, but it means sensitive files (e.g., .env, private keys, config files) could be uploaded unless excluded. Batch mode will push any directory containing SKILL.md (needsUpdate returns true broadly).
- Install Mechanism
  - ok: No installer or remote download is used; the package is instructions plus local Node scripts with a single dependency (js-yaml) declared in package.json/package-lock.json. This is proportionate for the task.
- Credentials
  - ok: No environment variables are required. The code reads the user's HOME to look for token files at reasonable locations (~/.config/clawhub/token.json and ~/.clawhub/token). That is appropriate for a CLI that needs an auth token.
- Persistence & Privilege
  - ok: The skill does not request persistent/always-on presence, does not modify other skills or global agent settings, and is user-invocable only. Autonomous invocation is allowed (platform default) but not combined with other concerning flags.
