ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skillstore

v2026.2.17

Search, install, and create OpenClaw skills with intelligent matching across known, local, and GitHub repositories.

0· 691·1 current·1 all-time
byGlitch@chris6970barbarian-hue·duplicate of @chris6970barbarian-hue/skillstore
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (search/install/create OpenClaw skills) matches the code: it searches a built-in DB, local skills, and GitHub. No unrelated credentials or binaries are requested. One minor mismatch: SKILL.md says local skills live under ~/.openclaw/workspace/skills/, but the code searches the parent directory of the skill (path.join(__dirname, '..')).
Instruction Scope
Runtime instructions and code remain scoped to searching known skills, local SKILL.md/README.md files, and GitHub repo metadata. The code reads local skill files and calls the GitHub search API; both are expected. The SKILL.md examples describe interactive install flows but do not document exact install commands — the main.js includes child_process.exec (truncated in the listing), so you should inspect what install/exec steps perform before executing.
Install Mechanism
No install spec is provided (instruction-only install), and the repo includes the CLI source (main.js). There are no external download URLs or extract operations in the provided files. This is low-risk, but review any runtime exec invocations that may invoke git or external installers.
Credentials
The skill declares no required environment variables or credentials. The code performs unauthenticated calls to the public GitHub search API and local filesystem reads; this aligns with the described functionality.
Persistence & Privilege
always is false and the skill writes/reads a local config.json in its own directory (CONFIG_FILE = __dirname/config.json). It does not request system-wide or other-skill configs. No elevated persistence privileges are requested.
Assessment
This skill appears to do what it says: search known and local skills and query GitHub. Before installing or running it, quickly review the remaining parts of main.js (the truncated portion) to confirm what child_process.exec calls do when installing a repo (e.g., git clone, npm install, running remote scripts). Also note the docs and code disagree about the local-skill path (~/.openclaw/workspace/skills/ vs __dirname/..); make sure the tool will search the directories you expect. If you plan to run installs, run them in a sandbox or inspect any cloned repositories before executing their code.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f9gm0yym4rn4g66jm3hpqm981ba0d
691downloads
0stars
1versions
Updated 12h ago
v2026.2.17
MIT-0
Glitch@chris6970barbarian-hue
latest
Download

SkillStore - OpenClaw Skill Manager

Search, install, and create OpenClaw skills with intelligent matching.

Skill Metadata

  • Name: skillstore
  • Type: OpenClaw Skill
  • Purpose: Search existing skills, install from GitHub, or create new ones

Setup Commands

No setup required. Works out of the box.

Usage Commands

Search & Install

# Search for a skill (applies 30% threshold)
skillstore <query>

# Examples:
skillstore home assistant
skillstore weather
skillstore smart home
skillstore email gmail
skillstore github

List & Show

# List installed skills
skillstore list

# Show all known skills (20 built-in)
skillstore known

Create New

# Create new skill with templates
skillstore create <name>
skillstore new <name>

# Examples:
skillstore create my-awesome-skill
skillstore new weather-widget

How Search Works

Matching Algorithm

  1. Tokenize - Split query into keywords
  2. Calculate - Jaccard similarity + keyword boost
  3. Filter - Remove results below 30% threshold
  4. Rank - Sort by relevance score
  5. Display - Show with visual score bar

Match Score

Score >= 50% = Strong match (green bar)
Score >= 30% = Weak match (yellow bar)  
Score < 30% = Not shown (filtered)

Search Sources (in order)

  1. Known Skills - Built-in database of 20 skills
  2. Local Skills - Skills in ~/.openclaw/workspace/skills/
  3. GitHub - Search openclaw repositories

Interaction Flow

1. User runs: skillstore home assistant
2. System searches all 3 sources
3. System filters by threshold
4. Results shown with scores:

   1. [KNOWN] homeassistant ████████░░ 85%
      Control smart home devices...
   2. [LOCAL] homeassistant ███████░░░ 78%
   3. [GIT] openclaw-homeassistant ██████░░░░ 62%

5. User chooses:
   - Enter number → Install from GitHub
   - n → Create new skill
   - q → Quit

Known Skills Database

Built-in skills (searchable):

SkillDescription
homeassistantSmart home control (HA API)
gogGoogle Workspace (Gmail, Calendar, Drive)
weatherWeather forecasts
githubGitHub CLI integration
himalayaEmail via IMAP/SMTP
obsidianObsidian vault integration
sonoscliSonos speaker control
blucliBluOS speaker control
eightctlEight Sleep pod control
ordercliFood delivery orders
blogwatcherRSS feed monitoring
gifgrepGIF search/download
video-framesVideo frame extraction
youtube-summarizerYouTube transcript summary
ga4Google Analytics 4
gscGoogle Search Console
wacliWhatsApp messaging
browserBrowser automation
healthcheckSecurity hardening

Error Handling

  • No results above threshold: Offer to create new skill
  • GitHub search fails: Fall back to local/known
  • Install fails: Show error with reason

Related Skills

  • homeassistant
  • openclaw-migrate
  • skill-templates (legacy, use skillstore)

Files

skillstore/
├── SKILL.md       # This file
├── README.md      # User docs
├── main.js        # CLI with intelligent search
└── config.json    # Install history

Comments

Loading comments...