ClawHub Publish Doctor
Review
Audited by ClawScan on May 1, 2026.
Overview
This skill appears purpose-aligned for fixing ClawHub publish problems, but it can publish or update skills using your logged-in ClawHub account, so run it only when you intend that.
Install and run this only if you intend to diagnose or perform ClawHub publishing. Confirm the active ClawHub account, review the publish arguments and automatic `latest` tag, handle tokens carefully, and treat the optional global npm reinstall as a trusted-tool setup step.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the wrapper can publish or update a skill and its tag under your logged-in ClawHub account.
The wrapper performs the central publishing action and automatically applies the `latest` tag, which is expected for this skill but mutates public/account-backed registry state.
clawhub publish "$SKILL_PATH" ... --version "$VERSION" ... --tags latest
Before running it, verify the account, skill path, slug, name, version, changelog, and whether applying the `latest` tag is intended.
The skill operates with whichever ClawHub identity is currently logged in, and account-check output may remain locally in temporary files.
The script uses the local ClawHub authenticated session and stores account-check output/errors in /tmp, which is purpose-aligned but involves account context.
clawhub whoami >/tmp/clawhub_whoami.txt 2>/tmp/clawhub_whoami.err
Use a token/account with the intended publishing permissions, confirm `clawhub whoami`, and avoid leaving temp files on shared systems if the identity output is sensitive.
Using the suggested reinstall can replace a global CLI package on the machine.
The guidance includes an optional unpinned global npm installation with `--force`; this is visible and purpose-related but should be treated as a trusted-tool installation step.
If needed, reinstall: `npm i -g clawhub --force`
Install the ClawHub CLI only from a trusted package source, avoid `--force` unless needed, and confirm the installed CLI version.
A CI job or scripted workflow could treat the publish as successful even though inspect verification is still pending.
After exhausting inspect retries, the script warns but exits successfully, which matches its tolerance for transient registry states but may affect automation that relies on exit codes.
echo "WARN: Published, but inspect is still pending after retries." >&2 ... exit 0
For automation that requires verification, modify the wrapper or add a follow-up check that fails when inspect remains unavailable.
