Clawhub Skill Optimizer

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: clawhub-skill-optimizer
Version: 2.0.0

The skill bundle is a growth and SEO optimization tool for OpenClaw agents. It contains Python scripts for analyzing user reviews and fetching trending topics from public APIs (GitHub, Weibo, etc.) to suggest metadata improvements. No malicious behaviors such as data exfiltration, unauthorized execution, or harmful prompt injections were found; the code is well-documented and aligns with its stated purpose.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the examples are run, trend queries and related request metadata may be sent to public third-party services.

Why it was flagged

The reference examples call third-party trend APIs. This is expected for trend tracking, but it means copied examples would make network requests outside ClawHub.

Skill content

url = "https://uapis.cn/api/hotboard"
...
r = requests.get(url, params=params, timeout=8)

Recommendation

Use these API examples only when needed, review the third-party service terms/privacy, and avoid sending private review text or confidential skill details.

What this means

A user who copies the example may install a package from the Python package ecosystem without version pinning.

Why it was flagged

The guide references an optional, unpinned package install that is not declared in install metadata. This appears to be documentation rather than automatic installation.

Skill content

Requires: pip install pytrends

Recommendation

Install optional dependencies only when necessary, verify the package source, and pin versions in any real implementation.

What this means

Reports could expose personal or sensitive feedback if the input reviews are private or if reports are shared publicly.

Why it was flagged

The review-analysis templates include user identifiers, ratings, dates, and review text, and generated reports quote review content and users.

Skill content

"user": "user_xxx", "rating": 5, "text": "非常好用!...", "date": "2026-05-01"

Recommendation

Redact usernames and sensitive review details before sharing outputs, and use only review data you are authorized to analyze.

What this means

Public replies or metadata generated from these templates could overpromise future features or exaggerate proof points.

Why it was flagged

A generic response template says a requested feature is already planned for the next version. This may be appropriate if true, but could mislead users if used automatically or without validation.

Skill content

"感谢您的建议!{具体建议}已经在我们的开发计划中,预计在下一个版本中加入。"

Recommendation

Review all generated marketing copy and review responses for accuracy; only make claims or commitments that are true.

Note (High Confidence)
ASI10: Rogue Agents

What this means

If implemented without controls, a trend checker could continue making periodic network requests after the immediate task is done.

Why it was flagged

The reference includes a background polling worker template. It is not runnable as an installed skill here, but copied code could create repeated background activity.

Skill content

import schedule
import time
import threading

def trending_alert_worker(... check_interval_hours=6):
    """
    Background worker that checks for trending keyword matches.

Recommendation

Do not launch background workers automatically; require explicit user approval, provide clear stop controls, and document what is polled and how often.