Skill Publish
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: skill-publish
Version: 1.0.0
The skill's primary function is to safely publish other skills, with a strong emphasis on sanitization and user approval. However, the `verify.md` file instructs the agent to execute `npx clawhub publish` and `npx clawhub install` commands, which accept user-controlled parameters such as `--slug` and `--name`. If the OpenClaw agent does not rigorously sanitize these user-provided strings before executing the shell command, this could lead to a command injection vulnerability (RCE). While the skill's instructions do not explicitly encourage malicious behavior, this potential for RCE via unsanitized input makes it suspicious.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user approves the wrong folder, slug, or metadata, content could be published publicly.
The skill documents a high-impact publish command, but it is directly tied to the skill purpose and explicitly gated on user approval.
Only after approval: npx clawhub publish <folder> --slug "<slug>" --name "<name>" --version "<version>"
Inspect the publish folder and confirm slug, name, version, description, and file list before approving the publish step.

Running the command may execute the current ClawHub CLI package available to npx.
The documented workflow invokes the ClawHub CLI through npx without pinning a package version; this is expected for the publishing workflow but depends on trusted package tooling.
npx clawhub publish <folder>
Use a trusted environment and consider pinning or verifying the ClawHub CLI version if reproducibility or supply-chain control matters.

Accidentally published private data or incorrect content may require a new version or support intervention to remediate.
The artifacts acknowledge that published skills can persist publicly, so a mistake in sanitization or approval may have lasting impact.
**Run this BEFORE any publish.** Public skills are permanent.
Treat the pre-publish review as the final checkpoint and verify that secrets, personal data, and internal references have been removed.
