Clawhub Manager

v1.2.0

ClawHub skill management tool. Wraps the publish, delete, query, and search functions for skills, making it easy to manage skills on ClawHub.

MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description ask for ClawHub skill management and the skill requires only the 'clawhub' CLI. Included scripts (publish, delete, inspect, search, list, security-check, test) match the described capabilities and there are no unrelated environment variables or surprising binaries.
Instruction Scope
SKILL.md instructs the agent to run the included shell scripts (paths are absolute under /root/.openclaw/workspace/skills/...), and the scripts operate on user-supplied skill directories and call the clawhub CLI. This is within scope, but the instructions assume the skill files live at that exact workspace path and assume an authenticated clawhub CLI; the absolute paths and reliance on the local workspace are implementation details you should be aware of.
Install Mechanism
No install spec — instruction-only with bundled shell scripts. Nothing downloads or writes code from remote URLs, so disk persistence is limited to the skill's files included in the package.
Credentials
The skill declares no required env vars. The scripts scan code for many common API key patterns (OpenAI, GitHub, Tavily, Perplexity, Exa, generic API keys) which is reasonable for a pre-publish security check. The skill does call the 'clawhub' CLI which typically requires the user to be logged in; this is expected but implicit (no explicit credential env var is requested).
Persistence & Privilege
always is false and the skill does not request system-wide persistence or modify other skills' configs. Scripts perform operations only when invoked, and deletion requires interactive confirmation.
Assessment
This skill appears to do what it claims: run the 'clawhub' CLI to list/search/inspect/publish/delete skills and perform local security scans of skill directories. Before installing or invoking it:
1) ensure you have the official clawhub CLI installed and are comfortable with its authentication (the scripts expect you to be logged in);
2) review the publish.sh and delete.sh scripts: delete.sh performs a destructive delete (requires confirmation), and publish.sh invokes clawhub publish, with a security check that can be bypassed with --skip-security (use cautiously);
3) be aware the SKILL.md uses absolute paths under /root/.openclaw/workspace/skills; if your agent workspace differs, update paths or run scripts directly;
4) the security scan is local and grep-based and can produce false positives/negatives, so still manually inspect anything flagged; and
5) if you enable autonomous agent invocation, remember the agent could call publish/delete functions (this is platform-default behavior), so grant the skill only to agents you trust to manage ClawHub items.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Bins: clawhub