ClawHub

ClawHub Publishing Guide

v1.0.0

将本地技能发布到 ClawHub 技能市场。自动检查技能目录结构、生成版本号、 构建 changelog,执行发布命令并验证结果。 **触发场景**:用户说"发布技能"、"发布到 ClawHub"、"上传技能"等。

0· 59·0 current·0 all-time
byfslong@fslong520
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill's name/description match the instructions: it teaches/automates using the ClawHub CLI to publish a skill. No unrelated credentials, packages, or install steps are requested. One oddity: the docs reference a specific home/workspace path (/home/fslong/.copaw/...) which is user-specific and not universally applicable.
!
Instruction Scope
The SKILL.md tells the agent to run shell commands (clawhub whoami, login, publish) and to check/read files at a hardcoded path (/home/fslong/.copaw/workspaces/default/active_skills/<技能名>/SKILL.md). That path is specific to the author and may cause the agent to read arbitrary files if adapted; the instructions also allow Write/ExecuteShellCommand which means the agent could modify files during publish. No network exfiltration endpoints are specified, but the combination of filesystem access and shell execution warrants user review before running.
Install Mechanism
No install spec and no code files — instruction-only. This is low-risk from an install perspective (nothing is downloaded or written by an installer).
Credentials
No environment variables, credentials, or config paths are required by the skill. The operations it instructs (using the clawhub CLI, reading local skill files) are proportional to its publishing purpose.
Persistence & Privilege
always is false and there is no attempt to modify other skills or system-wide agent settings. The skill requests runtime shell/file operations (normal for a publish tool) but does not request permanent privileged presence.
Assessment
This appears to be a straightforward, instruction-only publish guide for ClawHub. Before using it: 1) verify you have the clawhub CLI installed and understand the exact publish command the agent will run; 2) update the hardcoded path (/home/fslong/...) to your workspace or confirm the path it will touch so the agent doesn't read or modify unintended files; 3) be aware the instructions include running shell commands (login/publish) and allow file write operations — run the steps manually once to confirm behavior if you are unsure; 4) because the skill can execute shell commands, avoid granting it to run autonomously in high-risk environments until you’ve tested it. If you need higher assurance, ask the author for a version that uses relative/workspace-agnostic paths and explicit confirmation prompts before any write or publish operation.

Like a lobster shell, security has layers — review code before you run it.

clawhubvk974tvkznnjqdn4tbjnmh85v8s83s53pguidevk974tvkznnjqdn4tbjnmh85v8s83s53platestvk974tvkznnjqdn4tbjnmh85v8s83s53ppublishvk974tvkznnjqdn4tbjnmh85v8s83s53p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments