ClawHub Publishing Assistant
Pass
Audited by ClawScan on May 10, 2026.
Overview
This instruction-only skill is coherently focused on publishing a user-selected skill to ClawHub, but users should be aware it uses ClawHub account credentials and can publish or modify skill files.
Install/use this skill only if you intend to let the agent help publish skills to ClawHub. Confirm the target directory and final publish command before execution, protect your ClawHub token, and review any target skill publish.sh before running it.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken target directory, slug, version, or changelog could publish the wrong skill or an unintended version to ClawHub.
The skill instructs the agent/user to run a publish command that can update a ClawHub-hosted skill. This is central to the skill’s purpose and is disclosed, but it is still a high-impact account action.
clawhub publish "$SKILL_DIR" \
--slug "$SKILL_NAME" \
--name "$DISPLAY_NAME" \
--version "$VERSION" \
--changelog "<更新说明>"
Before publishing, verify the selected skill directory, slug, display name, version, and changelog, and require explicit user confirmation for the final publish command.
Anyone or any process with access to the token or stored ClawHub config may be able to publish under the user’s ClawHub account.
The workflow uses a ClawHub authentication token even though registry metadata declares no primary credential. The token use is expected for publishing, but it gives account-level publishing authority.
clawhub login --token "<你的token>" --no-browser
Use a token with the minimum necessary permissions if available, avoid sharing it in chat logs or shell history, and revoke or rotate it if exposed.
If the target skill’s publish.sh contains unsafe commands, running it could execute unintended local actions.
The skill optionally suggests running a publish.sh script from the target skill directory. This is relevant to publishing, but the script contents are outside the reviewed artifacts.
If the skill directory contains `publish.sh`, you can run it directly:
```bash
cd <技能目录>
./publish.sh [版本号] [更新说明]
```
Inspect any publish.sh script before running it, especially for third-party or newly downloaded skills.
