ClawHub Web Publisher
PassAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent and instruction-only, but it uses the current signed-in ClawHub browser session to publish a selected local skill, so users should verify the account, folder, and privacy scan before submitting.
This skill appears safe to install as an instruction-only publisher. Use it only when you intend to publish the selected skill folder, check that the browser is signed in to the right ClawHub account, and review the privacy checklist so secrets or private paths are not uploaded.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The selected skill folder may become publicly available on ClawHub under the current account.
The skill directs the agent to upload and publish a local directory through the web dashboard. This is the stated purpose, but publishing changes a third-party account/public listing.
Select the local skill directory. ... Submit publish.
Before submission, confirm the exact folder, listing details, and that the user intends to publish publicly.
Publishing will use the privileges of the active ClawHub browser session.
The workflow uses an existing authenticated ClawHub browser session. This is disclosed and expected for web-only publishing, but it relies on the authority of whichever account is currently signed in.
Use the already signed-in browser session for dashboard upload.
Verify the browser is signed in to the intended ClawHub account before using the skill.