Clawhub Skill Creator
PassAudited by ClawScan on May 1, 2026.
Overview
The skill is coherent for creating and packaging Clawhub skills, with only expected cautions around local scripts and publishing commands.
This skill appears safe for its stated purpose. Before installing or using it, be aware that its examples and scripts can create files, package directories, and publish or install Clawhub skills; review generated files and confirm your active Clawhub account before running publish/install commands.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run without review, the agent could publish a skill version or update registry content using the user's Clawhub context.
The skill documents a registry publishing command. This is expected for a skill-creation workflow, but publishing can make content public or update registry state.
clawhub publish . --version X.Y.Z --changelog "Description"
Review the generated skill and explicitly approve any publish or install command before it is run.
Registry commands may act under the user's current Clawhub account permissions.
The workflow uses Clawhub CLI account operations such as inspect, list, publish, and install. These are purpose-aligned, but may rely on an already-authenticated local Clawhub identity.
clawhub inspect skill-name --json | grep version
Confirm which Clawhub account is active before publishing or installing skills.
The packaging helper may fail if jq or zip are missing, and it will include files from the chosen skill directory unless excluded.
The helper script depends on local jq and zip binaries and packages the selected skill directory. This is appropriate for packaging, but the registry requirements do not declare these helper-tool dependencies.
if ! jq . "$SKILL_PATH/_meta.json" > /dev/null 2>&1; then ... cd "$SKILL_PATH" && zip -r "$OLDPWD/$PACKAGE_FILE" .
Install required local tools if using the helper script, and inspect the directory/package before publishing.