Clawhub Ops
Security checks across malware telemetry and agentic risk
Overview
This skill embeds real-looking ClawHub and GitHub credentials and gives instructions for multi-account proxy publishing and detection-evasion, making it unsafe to install.
Do not install this skill. Treat all listed ClawHub tokens, proxy credentials, and the GitHub PAT as compromised; revoke or rotate them, remove the credential file, and rebuild the skill around user-supplied scoped credentials and compliant publishing instructions.
VirusTotal
No VirusTotal findings
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with access to this skill could use or leak these credentials, publish as those accounts, or access the referenced GitHub account.
The file contains real-looking ClawHub account tokens, proxy credentials, and a GitHub personal access token in a published skill artifact.
`Account → Token → Proxy → IP lookup table` with `clh_...` tokens and proxy URLs; later `PAT: ghp_...`
Revoke the exposed tokens immediately, remove secrets from the skill, and require user-provided scoped credentials through a declared credential mechanism.
The skill can cause account switching, persistent credential changes, and public registry mutations without clear per-action approval, rollback, or containment.
The instructions tell the agent/user to overwrite authentication config files and perform publishing actions through a proxy.
`echo '{"registry":"https://clawhub.ai","token":"TOKEN"}' > ...config.json` and `HTTPS_PROXY=PROXY_URL npx clawhub@latest publish <path> --slug <slug> --version 1.0.0`
Require explicit user confirmation before any publish or config mutation, avoid overwriting global config files, and use scoped temporary credentials.
Installing this skill could lead an agent to help manipulate publishing workflows, search ranking, or platform safeguards, risking account suspension and marketplace abuse.
The guidance explicitly discusses avoiding script-like timing, spam-detection triggers, and review similarity thresholds.
`can't stick to a fixed value, that looks too much like a script`, `triggers spam detection`, and `difference from already-published Skills > 40%`
Remove detection-evasion and spam/review-bypass guidance; limit the skill to compliant publishing operations and transparent optimization practices.
A user or agent may execute unreviewed or changed code while using privileged tokens and publishing authority.
The workflow runs an unpinned latest CLI package and references local helper scripts that are not included in the reviewed artifact set.
`npx clawhub@latest publish` and `release script /Users/user/.openclaw/workspace-master/.../publish-with-proxy.sh`
Pin CLI versions, include referenced helper scripts for review, verify package provenance, and avoid passing privileged tokens to unreviewed tooling.
