Clawhub Manager
Review
Audited by ClawScan on May 10, 2026.
Overview
The manager mostly does what it says, but its security-test script can invoke the real ClawHub publish workflow and may cause an unintended live publish.
Use the normal search/inspect/list scripts freely, but be careful with publish/delete because they act on your ClawHub account. Avoid running test-security-scan.sh until it is changed to a true scan-only test, and always verify the target path and logged-in account before publishing.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the test script could use the logged-in ClawHub account to attempt a live publish of a temporary test skill or otherwise hit the real publish path unexpectedly.
The security test runs the real publish script against a temporary test skill instead of a scan-only helper. Because publish.sh is the live publishing workflow, a plain test command can reach ClawHub's publication path.
bash /root/.openclaw/workspace/skills/clawhub-manager/scripts/publish.sh "$TEST_DIR/safe-skill" --version 1.0.0 2>&1 | grep -q "安全扫描通过"
(The grep target "安全扫描通过" is the script's Chinese "security scan passed" message; the test only checks for that string, but the pipeline still runs the full publish script to produce it.)
Do not run test-security-scan.sh unless you are prepared for possible live ClawHub side effects; maintainers should change it to use security-check.sh or add an explicit --dry-run/--scan-only mode.
A chosen local skill directory may be uploaded/published to ClawHub under the current account.
The main publish script directly delegates to clawhub publish for the user-supplied skill directory. This is expected for the skill, but it is a high-impact external action.
PUBLISH_CMD=(clawhub publish "$SKILL_PATH" --version "$VERSION")
Before publishing, confirm the directory, version, slug, changelog, and logged-in ClawHub account; avoid broad or private directories.
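The two findings above recommend a scan-only or dry-run mode and a check of the target directory and version before anything reaches ClawHub. The wrapper below is an added example written for this review, not code from the clawhub-manager skill: it is dry-run by default, prints the exact command it would run, and only executes the live publish when the caller sets CLAWHUB_DRY_RUN=0 and confirms. The only thing taken from the skill is the command shape quoted in the finding, `clawhub publish <dir> --version <version>`; the SKILL.md requirement, the refusal of / and the home directory, and the MAJOR.MINOR.PATCH version pattern are this example's own policy, and whether the logged-in account is correct still has to be checked separately because the page does not document a clawhub command for that.

```shell
#!/bin/sh
# Added example, not code from the clawhub-manager skill: a publish wrapper that
# is scan-only by default and only runs the live `clawhub publish` when the
# caller opts in with CLAWHUB_DRY_RUN=0 and confirms interactively.
# Assumed from the findings above: the live command is
#   clawhub publish <skill-dir> --version <version>
# Everything else (the SKILL.md requirement, the refusal list, the version
# pattern) is this example's own policy, not the skill's.

# Resolve the target and refuse anything that is not a single skill directory:
# it must exist, contain SKILL.md, and must not be / or the home directory.
check_skill_dir() {
  local dir
  dir=$(cd "$1" 2>/dev/null && pwd -P) || { echo "not a directory: $1" >&2; return 1; }
  case "$dir" in
    /|"${HOME:-/nonexistent}") echo "refusing broad directory: $dir" >&2; return 1 ;;
  esac
  [ -f "$dir/SKILL.md" ] || { echo "no SKILL.md in $dir (not a skill directory)" >&2; return 1; }
  printf '%s\n' "$dir"
}

# Accept only plain MAJOR.MINOR.PATCH versions so a typo cannot become a tag.
check_version() {
  printf '%s' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

# Dry run (the default) prints the exact command that would run and returns 0
# without touching ClawHub, so a test script can call this safely.
publish_skill() {
  local skill_dir version answer
  skill_dir=$(check_skill_dir "$1") || return 1
  version=$2
  check_version "$version" || { echo "bad version: $version" >&2; return 1; }
  if [ "${CLAWHUB_DRY_RUN:-1}" != "0" ]; then
    printf 'DRY RUN: clawhub publish %s --version %s\n' "$skill_dir" "$version"
    return 0
  fi
  printf 'Publish %s as %s with the logged-in ClawHub account? [y/N] ' "$skill_dir" "$version"
  read -r answer
  [ "$answer" = "y" ] || { echo "aborted" >&2; return 1; }
  clawhub publish "$skill_dir" --version "$version"
}

# Usage:
#   publish_skill ./my-skill 1.0.0                   # dry run, prints the command
#   CLAWHUB_DRY_RUN=0 publish_skill ./my-skill 1.0.0  # live publish after confirmation
```

A test like test-security-scan.sh can source this file and call publish_skill with the default dry-run setting: it exercises path and version validation end to end and never reaches the network. Anything that needs the real publish has to say so explicitly, which is the property the first finding asks for.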
Commands can change resources associated with the active ClawHub account.
The skill explicitly relies on an authenticated ClawHub session for publish/delete operations. No direct token handling is shown, but actions run with the logged-in account's authority.
Publishing and deleting skills requires being logged in to ClawHub
Use a trusted clawhub CLI session and verify which account is logged in before invoking publish or delete.
Behavior depends on the local clawhub and jq binaries available in the environment.
The skill delegates important behavior to locally installed binaries. This is normal for a CLI wrapper, but users need to trust the installed tools.
- `clawhub` CLI tool - `jq` (JSON processing, used for --json output)
Install clawhub and jq from trusted sources and keep them updated; verify the clawhub binary before using this manager.
