Clawdhub Submit
Review
Audited by ClawScan on May 1, 2026.
Overview
This is an instruction-only publishing helper with user-directed CLI and login steps, so it appears coherent, but users should verify commands before running them.
This skill looks safe as an instruction-only ClawdHub publishing helper. Before installing or using it, read the commands carefully, verify the official ClawdHub CLI package, run checks only in the intended skill directory, and protect any login token you use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the publish command may upload or publish a skill under the user's account.
The skill documents a command that can publish user content to ClawdHub. This is aligned with the stated purpose and user-directed, but it can change public/account state.
clawdhub publish ./your-skill --name "你的技能" --slug "your-skill"
Confirm the target directory, skill name, slug, and account before running any publish command.
A token may grant publishing access to the user's ClawdHub account if used with the CLI.
The optional CLI workflow requires a ClawdHub token. Token use is expected for publishing, and there is no evidence the skill logs or transmits it elsewhere.
clawdhub login --token YOUR_TOKEN
Use only tokens from the official ClawdHub flow, avoid sharing them in chat or logs, and revoke tokens that may have been exposed.
Installing a global CLI gives that package code execution on the user's machine during install and use.
The skill recommends installing an external npm package globally. This is purpose-aligned for a CLI publishing workflow, but global package installs carry normal supply-chain risk.
npm install -g clawdhub
Verify the package source and documentation before installing, and prefer official installation instructions.
