Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawhub Skill Audit

v1.0.0

Audit locally installed skills against ClawHub: detect version drift, find new publish candidates, review security flags, and triage ownership conflicts. Use...

by Nissan Dookeran (@nissan)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The name/description (audit local ClawHub skills) aligns with the actions in SKILL.md: it calls the clawhub CLI, compares local SKILL.md versions, checks registry metadata, and runs local compliance checks. Requesting clawhub and python3 binaries is reasonable for this purpose. However, the playbook expects several local helper scripts and a specific ~/.openclaw workspace layout that are not declared in the skill requirements or bundled with the skill, which is an implementation mismatch.
Instruction Scope
The SKILL.md instructs the agent to execute hard-coded absolute paths (e.g., /Users/loki/.pyenv/... and ~/.openclaw/workspace/scripts/...) and to read local skill directories (~/.openclaw/workspace/skills/*) and SKILL.md files. That behavior is expected for a local-audit tool, but the hard-coded user path and missing helper scripts are problematic: the instructions will fail for other users, and running unknown local scripts (drift-detector.py, clawhub_audit.py, publish-skill.sh) without review could execute arbitrary actions (file modification, publishing). The playbook also suggests copying and republishing skill directories under new slugs — an action that requires careful access/ownership checks and is potentially destructive if done blindly.
Install Mechanism
There is no install spec (instruction-only), so nothing is written to disk by the skill itself. This minimizes installer risk. However, the playbook depends on local scripts that must already exist on disk; those are not provided or declared.
Credentials
The skill declares no required environment variables and only requires the clawhub CLI and python3. That is reasonable. However, the playbook will call 'clawhub inspect' and 'clawhub publish' which rely on the user's clawhub configuration and credentials (not mentioned). The instructions do not declare or ask for these credentials, nor do they warn about required clawhub auth context, which is a proportionality/documentation gap. The playbook also reads files from the user's home (~/.openclaw), so filesystem access is required but not explicitly described in the 'requires' section.
Persistence & Privilege
The skill does not request always:true and is user-invocable; it does not request elevated platform privileges. It does instruct use of local scripts and running 'clawhub publish', which have side effects, but the skill itself does not demand persistent presence or special platform privileges.
What to consider before installing
This SKILL.md appears to be a legitimate audit playbook, but proceed cautiously. Before running any commands:

1) Inspect the local scripts referenced (drift-detector.py, clawhub_audit.py, publish-skill.sh) to confirm what they do — they are not bundled with the skill.
2) Remove or adapt hard-coded absolute paths (e.g., /Users/loki/...) to your environment.
3) Be aware 'clawhub inspect' and 'clawhub publish' use your clawhub credentials/config — ensure you have proper ownership and authorization before publishing or forking a slug.
4) Run in a safe/test environment first (or with dry-run options) to avoid accidental publishes, overwrites, or data leakage.

If you cannot audit the helper scripts, treat the playbook as untrusted.

Like a lobster shell, security has layers — review code before you run it.



Runtime requirements

🔍 Clawdis
Bins: clawhub, python3
