ClawHub Web Only Publish
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent for publishing to ClawHub, but it can act through your existing ClawHub session and optionally an existing CLI token, so review the account and files before publishing.
Install/use this only if you want the agent to help publish skills to ClawHub. Confirm the logged-in account, review the selected folder for secrets, and do not use the optional CLI fallback unless you intentionally want to publish with an existing CLI token.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used in the wrong browser profile or account, the skill could publish under an unintended ClawHub identity.
The workflow depends on an existing authenticated ClawHub browser session, allowing publishing under the user's account.
- Browser already logged in to https://clawhub.ai
Before publishing, confirm the visible ClawHub username/account and review the selected skill folder.
A mistaken folder, slug, or version could publish the wrong skill or content.
The skill instructs a final publish action, which is purpose-aligned but can change public/account-visible content.
Click "Publish skill"
Treat the publish click as a final approval step; verify the folder, metadata, and secret scan before proceeding.
A user expecting strictly no CLI use may be surprised by the fallback path.
The artifact is framed as web-only, but it plainly documents an optional CLI publish fallback using an existing token.
If browser upload fails: - Use existing CLI token (if already authenticated) - Run: `clawhub publish <path> --version 1.0.0`
Use the fallback only if you intentionally accept CLI publishing with an already-authenticated token.