Skills Cli
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill is coherent for managing ClawHub skills, but users should review commands that update, install, publish, or sync skills before running them.
This skill appears safe to install as an instruction-only helper, but treat its commands as real changes: check the target directory and account, avoid --all unless intended, and review any skill contents before publishing or syncing them to ClawHub.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run without checking scope, these commands could update all installed skills or publish/sync more skill content than intended.
The skill documents CLI commands that can install, update, publish, or bulk-sync skills. This is central to the stated purpose, but these are high-impact operations that can change local agent behavior or remote registry state.
`clawhub install <slug>` ... `clawhub update --all` ... `clawhub publish <path>` ... `clawhub sync --all`
Before running mutating commands, confirm the working directory, target slug/path, version, account, and whether an --all operation is really desired.
Publishing or syncing could affect the user's ClawHub account and make skill versions available remotely.
The troubleshooting text references login state and the workflow includes publishing/syncing to ClawHub, implying these commands may act under the user's logged-in ClawHub account. This is expected for the purpose, with no evidence of credential collection or leakage.
如果命令失败:... 未登录 ... 单个技能:推荐使用 `clawhub publish` ... 多个技能:推荐使用 `clawhub sync --all`
Verify the active ClawHub login and account permissions before publishing or syncing skills.
A user could accidentally run an unexpected or untrusted `clawhub` binary if their local environment is misconfigured.
The artifact is instruction-only and does not install or pin the external `clawhub` CLI that the SKILL.md commands rely on. This is a provenance/setup note rather than evidence of malicious behavior.
No install spec — this is an instruction-only skill. Required binaries (all must exist): none
Install the ClawHub CLI from a trusted source and verify the binary/version before following the command templates.