Exec ClawHub Publish Doctor
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is a coherent ClawHub publishing troubleshooting skill, but it can publish to ClawHub and use existing CLI logins, so users should review commands before running them.
This skill appears purpose-aligned and not malicious. Treat it as a publishing helper with real account authority: check which ClawHub account is logged in, review the skill path and publish metadata before running, and install any required CLIs from trusted sources.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with the wrong path, slug, name, or version, it could publish or update a ClawHub skill under the user's account.
The script performs an authenticated publish action to ClawHub using user-provided arguments. This is purpose-aligned, but it can change public registry state.
clawhub publish "$SKILL_PATH" \ --slug "$SLUG" \ --name "$NAME" \ --version "$VERSION" \ --changelog "$CHANGELOG" \ --tags latest
Before running the publish wrapper, verify the skill path, target slug, version, changelog, and logged-in ClawHub account.
The skill can use the currently logged-in ClawHub account for publishing, and local diagnostic files may contain account-identifying output or error text.
The wrapper depends on the user's authenticated ClawHub session and writes whoami diagnostics to local temporary files.
if ! clawhub whoami >/tmp/clawhub_publish_whoami.out 2>/tmp/clawhub_publish_whoami.err; then echo "ERROR: Not logged in. Run: clawhub login --token <clh_token>" >&2
Use the intended ClawHub account, prefer least-privilege tokens if available, and avoid running on shared systems unless temporary diagnostic files are acceptable.
A user may install or overwrite a global CLI dependency outside the skill package.
The documentation includes optional global CLI installation/reinstallation guidance, while the registry metadata lists no required binaries or install spec.
If needed, reinstall: `npm i -g clawhub --force`
Install ClawHub and GitHub CLI tools only from trusted sources, and confirm the expected CLI versions before using the wrappers.