skill-publisher
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: agent-skill-publisher Version: 1.0.0 The skill automates the publishing of agent skills to GitHub and ClawdHub but is classified as suspicious due to instructions in SKILL.md that direct the AI agent to locate and programmatically patch executable JavaScript code (publish.js) within the user's local npm cache (~/.npm/_npx). While this is presented as a workaround for a known bug in the clawhub CLI, modifying local package files is a high-risk behavior. The skill otherwise includes security-positive features such as mandatory secret scanning and PII checks in Phase 1.3 and 2.1 before committing code to GitHub.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could modify or work around local publishing tooling in a way the user may not be able to inspect before account-level publishing actions occur.
The skill says it automatically patches a third-party CLI during publishing, but the provided artifacts do not explain exactly what is modified, how it is verified, or how the change is reverted.
ClawdHub CLI v0.7.0 missing `acceptLicenseTerms` | Auto-patched during publish
Require explicit user approval before any CLI patch, show the target file and diff, pin the affected CLI version, and prefer an official fixed release when available.
If the wrong directory is selected or staged files are not reviewed, private files or unfinished content could be published publicly.
The skill directs the agent to create a public GitHub repository and push the selected directory. This is purpose-aligned, but it is a high-impact public action.
gh repo create <owner>/<repo-name> --public --description "<skill description from SKILL.md>" --source . --push
Confirm the skill directory, repository owner/name, public visibility, and staged file list before running create, commit, push, publish, or issue-submission commands.
Actions will be performed under the user’s logged-in GitHub and ClawdHub identities.
The publishing flow uses the user's ClawdHub login session, and the README also requires GitHub CLI for repo creation and issue submission. This account access is expected but sensitive.
npx clawhub whoami 2>&1 || npx clawhub login
Verify the active GitHub and ClawdHub accounts and ensure tokens have only the permissions needed for publishing.