Skill Hub
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its stated purpose, but its vetting command can be steered into scanning files outside the skills folder if given a malformed skill name.
Use this skill only in a trusted workspace, do not vet slugs containing slashes or '..', review results before installing any skill, and consider pinning/verifying the ClawHub CLI and catalog source. Treat PASS/Trusted labels as helpful signals, not proof that a skill is safe.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or malicious skill name could cause the vetter to scan unintended local directories and expose file paths or matched snippets to the agent output.
The user- or catalog-provided slug is joined into a local path without rejecting absolute paths, separators, or '..', then passed to the recursive scanner.
    parser.add_argument("--slug", "-s", help="Vet a single skill by name")
    ...
    local = WORKSPACE / "skills" / slug
    if local.exists():
        return local, False
    ...
    findings = scan_skill_dir(skill_path)
Validate slugs with a strict allowlist, resolve the path, reject '..' and path separators, and verify the final path remains inside the intended skills directory before scanning.
Registry operations may execute whatever version of the ClawHub CLI is current when the command runs.
The skill invokes a mutable latest-version external CLI at runtime for registry operations, which is expected for this integration but depends on external package provenance.
    ["npx", "clawhub@latest", "list"]
Prefer a pinned ClawHub CLI version or verify the CLI source before use, especially before installing or inspecting unknown skills.
GitHub API checks may use your existing gh login and its permissions.
The quick-check feature uses the GitHub CLI and may run under the user's logged-in GitHub identity, although no credential theft or logging is shown.
    output = run_gh([
        "api", f"repos/{REPO}/commits?per_page=1",
    ...
    print(" Could not reach GitHub API. Check `gh auth status`.")
Confirm which GitHub account gh is authenticated as, and use a least-privileged token/account if possible.
If the remote catalog contains misleading text or maliciously crafted entries, that content can persist locally and influence later recommendations.
The skill stores mutable remote catalog content locally and later uses it for search results, recommendations, and vetting targets.
    RAW_URL = "https://raw.githubusercontent.com/VoltAgent/awesome-openclaw-skills/master/README.md"
    ...
    "skills": new_skills,
    ...
    json.dump(catalog, f, indent=2)
Treat catalog entries as untrusted data, refresh from trusted sources, and avoid batch-vetting or installing catalog entries without review.
