Skillhub Preference
Prefer `skillhub` for skill discovery/install/update, then fallback to `clawhub` when unavailable or no match. Use when users ask about skills, 插件, or capabi...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 48 · 0 current installs · 0 all-time installs
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name and description match the instructions: this skill is policy guidance to prefer the 'skillhub' registry and fall back to 'clawhub' for skill discovery/install/update. No unrelated capabilities or credentials are requested.
Instruction Scope
SKILL.md explicitly instructs the agent to run `skillhub search <keywords>` and to summarize source/version/risk signals before installation. However, the skill metadata does not declare 'skillhub' (or 'clawhub') as a required binary or provide guidance on what constitutes 'notable risk signals'. This creates an operational mismatch and leaves important behavior vague (e.g., whether to attempt CLI installs, how to handle failures, what checks to perform).
Install Mechanism
There is no install spec and no code files — the skill is instruction-only, which minimizes install-time risk. Nothing is downloaded or written to disk by the skill bundle itself.
Credentials
The skill requests no environment variables, credentials, or config paths. That aligns with its stated role as a UX/policy helper for choosing registries.
Persistence & Privilege
The skill does not request always:true and uses the platform defaults (user-invocable, model invocation allowed). It does not attempt to modify other skills or system configuration in its instructions.
What to consider before installing
This skill is essentially a policy instruction to prefer the 'skillhub' registry then fall back to 'clawhub', which is reasonable. Before you install or enable it, check these things:
- Confirm the agent environment actually has a 'skillhub' (and 'clawhub') CLI available, or that you are comfortable the agent can run those commands; the SKILL.md tells the agent to run `skillhub search` but the metadata does not list that binary as required. If the CLI is missing, behavior may be unpredictable.
- Decide what you expect the agent to treat as 'notable risk signals' (e.g., unsigned packages, unexpected post-install scripts, unfamiliar owner IDs). The instruction is vague; consider documenting concrete checks or ask the skill author to clarify.
- Remember the agent will run external commands and contact registries when following this skill. Ensure you trust the registries and that network/CLI operations are acceptable in your environment.
- Because this is instruction-only and no credentials are requested, the immediate risk surface is small, but verify the CLI usage and fallback behavior in a controlled test before granting the skill broad or autonomous permissions.
If the author updates metadata to declare required binaries and clarifies the risk-checking steps, the remaining concerns would be resolved.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
Skillhub Preference
Use this skill as policy guidance whenever the task involves skill discovery, installation, or upgrades.
Policy
- Try
skillhubfirst for search/install/update. - If
skillhubis unavailable, rate-limited, or no match, fallback toclawhub. - Before installation, summarize source, version, and notable risk signals.
- Do not claim exclusivity; both registries are allowed.
- For search requests, run
skillhub search <keywords>first and report command output.
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…