Clawhub Publish Workflow
Review
Audited by ClawScan on May 13, 2026.
Overview
The workflow mostly matches ClawHub publishing, but it handles publishing credentials unsafely and relies on missing or mismatched helper scripts for required security checks.
Review this skill before use. Do not store API tokens in memory/credentials.md; use a proper secret mechanism and a least-privilege token. Verify or replace the missing/mismatched helper scripts before running scans, and require explicit user approval before any ClawHub publish command.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The security check may fail, give false assurance, or cause the user/agent to execute a different local script than the one reviewed here.
The workflow makes this security scanner a required pre-publish gate, but the provided file manifest does not include guard_scanner.py. SKILL.md also calls evaluator.py while the included evaluator file is named SKILL_EVALUATOR.py. This can make users run missing or unintended local code before publishing.
python3 guard_scanner.py <skill-path> --json ... Must return CLEAN before continuing
Bundle the referenced scanner and use matching filenames, or document a pinned, trusted installation source and hash. Until then, do not treat the required scan step as reviewed.
A ClawHub token stored this way could be exposed to future agent tasks, copied into published content, or reused without the user's intent.
The reference recommends persisting a ClawHub API token in a memory/markdown credentials file. That is sensitive credential material stored in persistent agent-readable context without clear access controls or retention boundaries.
Store in: `memory/credentials.md` ... - **Clé API:** `clh_...`
Use a secret manager, environment variable, or ClawHub’s normal credential mechanism instead of persistent memory files. Declare the credential requirement and avoid storing raw tokens in shared context.
If the token is broad or mishandled, an agent could publish or inspect skills under the user's account.
Publishing to ClawHub reasonably requires account authentication, but this gives the workflow delegated authority over the user's ClawHub account.
clawhub login --token <token> --no-browser
Use a least-privilege, revocable token and provide it only when publishing is intended.
A mistaken path, slug, version, or changelog could publish the wrong skill or expose unintended content.
The publish command is central to the skill's purpose, but it is a high-impact action that can create public or account-visible content.
clawhub publish <path> --slug <slug> --name "<名称>" --version 1.0.0 --changelog "<更改内容>"
Require an explicit user confirmation after reviewing the final package contents, slug, version, and account before running publish.
Users may assume the tool is portable and impersonal when it may fail, read/write unexpected paths, or encourage environment-specific content.
The bundled evaluator contains environment-specific names and paths even though the workflow describes itself as generic for any OpenClaw agent.
AGENT_NAME = "Morgana"
SKILL_DIR = Path("/media/ezekiel/Morgana/skills")
Replace hardcoded personal paths with relative paths or user-supplied arguments, and align the evaluator with the generic publishing guidance.
