Skill Dashboard
Warn: Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its dashboard purpose, but it can update or uninstall skills through unvalidated shell commands, so it should be reviewed before use.
Use this only if you trust the package and want it to manage installed skills. Before installing, prefer a version that replaces shell interpolation with safe argument passing, validates skill slugs, and enforces confirmation inside update/uninstall execution paths.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted or prompt-injected skill name could cause unintended local shell commands to run.
The shell command is built from a variable with no escaping or slug validation shown. This check can run before any update confirmation.
exec(`clawhub inspect ${skillSlug} --json`, { encoding: 'utf8', timeout: 30000 }, (error, stdout, stderr) => {
Use execFile/spawn with an argument array, validate slugs with a strict allowlist such as /^[a-zA-Z0-9_-]+$/, and only operate on exact slugs returned by clawhub list.
A mistaken, hijacked, or malformed action could remove or change installed skills and alter the agent environment.
This exported path directly invokes a high-impact uninstall command. The function itself does not enforce a confirmation token or target allowlist.
await execCommand(`clawhub uninstall ${skillSlug}`);
Require a fresh explicit confirmation inside the mutating function, show the exact target slug/version, restrict targets to installed skills, and provide rollback or reinstall guidance.
This is expected for the stated purpose, but it can make irreversible or behavior-changing modifications to the user's installed skill set.
The skill is explicitly designed to use the user's local ClawHub authority to update or uninstall installed skills.
Uninstall skill → "⚠️ Uninstallation is irreversible. Are you sure you want to continue?"; Update skill → "A new version was detected. Are you sure you want to update?"
Install only if you want the agent to manage installed skills, and confirm exact skill names before allowing update or uninstall actions.
Users have less registry-level visibility into runtime code, dependencies, and provenance.
The registry/install metadata is thin for a package that includes executable JavaScript files and local shell execution.
No install spec — this is an instruction-only skill.
Publish a verifiable source/homepage, declare runtime requirements and capabilities accurately, and keep version/dependency metadata consistent.
Local skill usage/status data may persist between sessions and could be stale or modified by someone with file access.
The skill keeps persistent local state about installed skills and usage/status information.
"Records each skill's enabled state, auto-activation settings, usage history, and so on"
Document cache locations, retention, and reset/clear steps; validate cached state before using it for decisions.
Users may over-trust the skill's safety claims despite the implementation concerns above.
A self-audit banner may be mistaken for independent security approval.
# ✅ Passed self-audit (v2.0.2)
Treat the banner as a developer self-check only, and prefer an independently reviewed version.
