Clawhub Manager
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: clawhub-manager
Version: 1.2.0
The clawhub-manager skill bundle is a legitimate utility designed to manage ClawHub skills via the clawhub CLI. It includes scripts for publishing, deleting, searching, and inspecting skills, with a notable emphasis on security; specifically, publish.sh and security-check.sh implement a comprehensive scanner to detect hardcoded API keys (OpenAI, GitHub, Tavily, etc.) and sensitive files (.env, .pem) before publication. The code is well-documented, follows safe scripting practices (e.g., user confirmation for deletions), and contains no evidence of malicious intent or data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the test script could use the logged-in ClawHub account to attempt a live publish of a temporary test skill or otherwise hit the real publish path unexpectedly.
The security test runs the real publish script against a temporary test skill rather than a scan-only helper. Since publish.sh is the live publishing workflow, this can reach ClawHub publication behavior from a test command.
bash /root/.openclaw/workspace/skills/clawhub-manager/scripts/publish.sh "$TEST_DIR/safe-skill" --version 1.0.0 2>&1 | grep -q "安全扫描通过"
Do not run test-security-scan.sh unless you are prepared for possible live ClawHub side effects; maintainers should change it to use security-check.sh or add an explicit --dry-run/--scan-only mode.
A chosen local skill directory may be uploaded/published to ClawHub under the current account.
The main publish script directly delegates to clawhub publish for the user-supplied skill directory. This is expected for the skill, but it is a high-impact external action.
PUBLISH_CMD=(clawhub publish "$SKILL_PATH" --version "$VERSION")
Before publishing, confirm the directory, version, slug, changelog, and logged-in ClawHub account; avoid broad or private directories.
Commands can change resources associated with the active ClawHub account.
The skill explicitly relies on an authenticated ClawHub session for publish/delete operations. No direct token handling is shown, but actions run with the logged-in account's authority.
Publishing and deleting skills requires logging in to ClawHub
Use a trusted clawhub CLI session and verify which account is logged in before invoking publish or delete.
Behavior depends on the local clawhub and jq binaries available in the environment.
The skill delegates important behavior to locally installed binaries. This is normal for a CLI wrapper, but users need to trust the installed tools.
- `clawhub` CLI tool
- `jq` (JSON processing, used for --json output)
Install clawhub and jq from trusted sources and keep them updated; verify the clawhub binary before using this manager.
