ClawHub

Exec ClawHub Publish Doctor

v1.0.1

Diagnose and mitigate exec-related tooling failures around ClawHub publishing and GitHub CLI queries (auth, browser-login, missing dependencies, pending secu...

0· 538·1 current·1 all-time
byBlueBirdBack ✨@bluebirdback
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included artifacts: the SKILL.md plus three shell scripts implement preflight checks, a publish wrapper with retries, and a resilient gh search wrapper. All required actions (calling clawhub and gh CLIs) are appropriate for the described purpose.
Instruction Scope
Runtime instructions are limited to running the provided shell scripts and invoking clawhub/gh/inspect commands. The scripts only inspect environment/binaries, run CLI commands, parse outputs, and use /tmp for transient command output. They do not read arbitrary user files, send data to third-party endpoints other than those the CLIs contact, or include open-ended instructions like 'gather whatever context you need.'
Install Mechanism
No install spec is provided (instruction-only with bundled scripts), so nothing is downloaded or written beyond the included files. This is low risk compared with downloading remote archives or running an installer.
Credentials
The skill requires no declared environment variables or credentials. It instructs users to authenticate to clawhub/gh with their usual tokens (expected for this workflow). The only optional override is GH_FIELDS for gh_search_repos_safe.sh. There are no unrelated or excessive credential requests.
Persistence & Privilege
Skill is not forced-always and does not request persistent privileges or modify other skills or system-wide agent settings. It runs only when invoked and relies on the user-installed clawhub/gh CLIs.
Assessment
This skill is a convenience wrapper around your existing clawhub and GitHub CLI tooling. Before using: (1) inspect the three included scripts yourself (they are small shell scripts) and confirm you intend to run clawhub publish; (2) run in a safe environment (e.g., your development machine) — the scripts write transient files to /tmp and will call your installed clawhub/gh CLIs which in turn contact remote services; (3) do not paste tokens into an untrusted UI—use the recommended headless token login and ensure tokens have minimum necessary scopes; (4) ensure the clawhub and gh binaries you have installed are the official ones (npm/global installs can be tampered with on compromised hosts). Other than those operational cautions, the skill's behavior matches its stated purpose.

Like a lobster shell, security has layers — review code before you run it.

latestvk9719yxr593hc51qrv9zy1nhv181831k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments