ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ClawHub Publish Doctor

v1.0.0

Diagnose and mitigate ClawHub/ClawDHUB publish failures (auth, browser-login, missing dependencies, pending security-scan visibility errors, and wrong profil...

0· 557·0 current·0 all-time
byBlueBirdBack ✨@bluebirdback
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe publish diagnostics; included scripts perform preflight checks (presence of clawhub/xdg-open/rg), instruct token-based login, run clawhub publish and clawhub inspect with retry — all coherent with the stated goal.
Instruction Scope
SKILL.md limits runtime actions to running the provided scripts and the clawhub CLI. The scripts write small diagnostic outputs to /tmp (whoami/publish outputs) and echo CLI results; this is within scope but worth noting if you run in a shared or highly-sensitive environment since temporary files are used.
Install Mechanism
This is an instruction-only skill with two small shell scripts; there is no install spec, no downloads, and no archive extraction. No high-risk install behavior observed.
Credentials
No required environment variables or credentials are declared. The workflow expects the user to supply a ClawHub token for `clawhub login --token <clh_token>` which is appropriate and proportional for publishing operations. Optional controls (MAX_RETRIES, SLEEP_SECONDS) are benign.
Persistence & Privilege
The skill does not request permanent/forced inclusion (always:false), does not modify other skills or global agent settings, and has no autonomous persistence behavior beyond normal invocation.
Assessment
This package appears coherent and limited to helping with ClawHub publishes. Before running: (1) verify you have the official clawhub CLI installed (avoid unknown binaries), (2) keep your ClawHub token secret and use token login only in trusted environments, (3) review the small shell scripts yourself — they write temporary diagnostic files to /tmp and call clawhub commands but do not exfiltrate secrets, and (4) avoid running as an elevated user in shared systems. If you need higher assurance, test the scripts in an isolated environment first.

Like a lobster shell, security has layers — review code before you run it.

latestvk971p41xd5nwa7y8jqbcym6qjd818a5v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments