skill-publisher
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could modify or work around local publishing tooling in a way the user may not be able to inspect before account-level publishing actions occur.
The skill says it automatically patches a third-party CLI during publishing, but the provided artifacts do not explain exactly what is modified, how it is verified, or how the change is reverted.
ClawdHub CLI v0.7.0 missing `acceptLicenseTerms` | Auto-patched during publish
Require explicit user approval before any CLI patch, show the target file and diff, pin the affected CLI version, and prefer an official fixed release when available.
If the wrong directory is selected or staged files are not reviewed, private files or unfinished content could be published publicly.
The skill directs the agent to create a public GitHub repository and push the selected directory. This is purpose-aligned, but it is a high-impact public action.
gh repo create <owner>/<repo-name> --public --description "<skill description from SKILL.md>" --source . --push
Confirm the skill directory, repository owner/name, public visibility, and staged file list before running create, commit, push, publish, or issue-submission commands.
Actions will be performed under the user’s logged-in GitHub and ClawdHub identities.
The publishing flow uses the user's ClawdHub login session, and the README also requires GitHub CLI for repo creation and issue submission. This account access is expected but sensitive.
npx clawhub whoami 2>&1 || npx clawhub login
Verify the active GitHub and ClawdHub accounts and ensure tokens have only the permissions needed for publishing.