ClawHub技能探索工具
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is presented as a ClawHub search/navigation tool, but the package also contains self-publishing/ranking automation and a hard-coded ClawHub token.
Review carefully before installing. The search features are plausible, but the package includes maintenance scripts that can republish the skill and optimize its ranking, plus an exposed ClawHub token. Only use it after removing/revoking secrets, disabling scheduled automation, and fixing shell-command handling.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may keep operating on a schedule and change public skill metadata without a user’s immediate request.
The skill's own documentation states a goal of nightly autonomous optimization to maintain platform ranking, which is not part of the advertised skill-search purpose.
Goal: at 2:00am every night, optimize the description and keywords of the clawhub-skill-explorer skill to maintain its platform ranking ... scheduled task already configured
Remove scheduled self-optimization behavior, or clearly disclose it and require explicit user approval before each publish/update action.

A visible token could be abused to access or modify ClawHub resources, and users cannot easily understand whose account or authority is being used.
A ClawHub token is hard-coded directly in a bundled script, while the registry metadata declares no required credentials.
token = "clh_bbGajvH2...Q5UX1I"
Revoke the exposed token, remove secrets from source, and require scoped credentials through a declared environment variable or secure credential store.

If run, the skill can update or republish ClawHub content rather than merely helping a user find skills.
The script invokes a publish command that mutates ClawHub state and changes skill tags, which is not a normal search/browse operation.
subprocess.run(["clawhub", "publish", "/Users/sunyanguang/.openclaw/workspace/custom-skills/clawhub-skill-explorer", "--name", "ClawHub技能探索工具", "--version", "1.0.0", "--tags", tags])
Separate publisher/maintenance tooling from the user-facing skill, and require clear confirmation before any registry-modifying command.

A malicious or malformed skill slug could cause unintended local shell commands to run.
The code builds shell commands from variable input and executes them through os.popen, which allows shell injection if a slug or command string contains shell metacharacters.
result = os.popen(cmd).read().strip() ... output = self._execute_clawhub_cmd(f"clawhub inspect {slug}")
Use subprocess with argument lists, validate slugs against a strict pattern, and avoid passing user-controlled strings to a shell.
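The remediation above, as an added example that is not code from the audited package: the reconstructed os.popen pattern is kept only for contrast, and the hardened path validates the slug against a strict allow-list pattern (an assumed slug format, since the page does not define one) before passing it to subprocess as an argv element, so no shell ever parses it.

```python
import re
import subprocess
from typing import List

# Reconstructed vulnerable pattern (not the audited file verbatim): the slug is
# interpolated into a command string that os.popen hands to /bin/sh, so any
# shell metacharacters in the slug are interpreted by the shell. Shown for contrast
# only; this function never executes anything.
def build_cmd_unsafe(slug: str) -> str:
    return f"clawhub inspect {slug}"

# Hardened path. Assumption (not from the page): ClawHub slugs are lowercase
# letters, digits and hyphens, 1-64 chars, not starting or ending with a hyphen.
SLUG_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,62}[a-z0-9])?$")


class InvalidSlug(ValueError):
    """Raised when a slug fails the allow-list check."""


def validate_slug(slug: str) -> str:
    # Allow-list validation: anything outside the expected character set is refused
    # before it gets anywhere near a process launch.
    if not SLUG_RE.fullmatch(slug):
        raise InvalidSlug(f"rejected slug: {slug!r}")
    return slug


def inspect_argv(slug: str) -> List[str]:
    # An argv list is passed directly to the new process (shell=False is the
    # subprocess default), so the slug is a single literal argument; metacharacters
    # cannot split, chain or substitute commands even if validation were loosened.
    return ["clawhub", "inspect", validate_slug(slug)]


def run_inspect(slug: str, timeout: float = 30.0) -> str:
    # Replacement for os.popen(cmd).read().strip(): same result, no shell involved.
    proc = subprocess.run(inspect_argv(slug), capture_output=True, text=True,
                          timeout=timeout, check=True)
    return proc.stdout.strip()


if __name__ == "__main__":
    # Constructed sample slugs: one valid, three that would have been shell-parsed.
    for sample in ["clawhub-skill-explorer", "x; rm -rf ~", "$(id)", "a b"]:
        try:
            print(inspect_argv(sample))
        except InvalidSlug as err:
            print(err)
```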
