clawhub-publish-flow
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: clawhub-publish-flow
Version: 0.1.3
The skill provides a workflow for publishing local directories to a remote registry (clawhub.ai) using a stored authentication token. The script `scripts/publish_to_clawhub.js` accesses sensitive configuration files in the user's home directory (e.g., `~/.config/clawhub/config.json`) to retrieve a Bearer token and performs a recursive file upload to an external API. While these actions are aligned with the stated purpose and the `SKILL.md` includes safety instructions for the agent to review data before release, the inherent capabilities of credential access and remote data transmission are high-risk behaviors.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can publish or update skills as the locally authenticated ClawHub user.
The script reads the local ClawHub config token and uses it as a bearer token for the upload request. This is expected for publishing, but it acts with the logged-in ClawHub account's authority.
const cfg = loadClawhubConfig(); ... Authorization: `Bearer ${cfg.token}`
Run `clawhub whoami`, confirm the target registry/account, and only use this with a ClawHub account that is allowed to publish the intended skill.
Anything left in the chosen skill directory could be uploaded to ClawHub, including accidental local artifacts.
The upload includes every file found under the selected skill path and automatically sets the upload payload to accept license terms. This is aligned with publishing a skill, but it has public-release impact if the folder contains secrets or unwanted files.
const files = listFiles(skillPath); ... form.append('files', new Blob([buf]), f.rel); ... acceptLicenseTerms: true
Inspect the exact folder contents before running the script, remove `.env`, tokens, cookies, local paths, and build artifacts, and confirm you agree to the publishing terms.
A publish that failed due to rate limiting may happen later without the user manually restarting the process.
The skill instructs the agent to persist a queued publish and retry later after rate limiting. It is bounded to one retry and tied to the same verified flow, but it is still delayed autonomous action.
Record the pending publish locally. Schedule a delayed retry instead of requiring the user to remind you. ... then retry publication once
Check the queue file before retry, and ask the agent to require confirmation before delayed publication if you want stricter control.
The skill may not work as expected unless the local ClawHub session and Node runtime already exist.
The skill documents local runtime and auth prerequisites, while the registry metadata declares no required binaries, credentials, or config paths. This is an under-declared but disclosed setup requirement.
This skill expects: local `clawhub` CLI installed and authenticated ... local ClawHub config present ... Node available for the publish script
Declare Node, ClawHub CLI/session, and config expectations in metadata, and verify the included script before use.
