ClawHub

Find Skills Skill Rose

v1.0.0

Search and discover OpenClaw skills from various sources. Use when: user wants to find available skills, search for specific functionality, or discover new s...

0· 146·0 current·0 all-time
by@roseknife520
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name, description, and runtime instructions align: this is a discovery/search helper that points users to clawhub, the OpenClaw directory, GitHub, and forums. Nothing in the skill requests unrelated credentials, binaries, or config paths. Minor inconsistency: the _meta.json ownerId (kn7amrt...) does not match the registry ownerId (kn70qp1ypy...), which is unexpected metadata drift and worth verifying.
Instruction Scope
SKILL.md is an instruction-only document that only recommends search commands (npx clawhub ...) and public websites. It does not instruct reading local files, environment variables, or exfiltrating data. Note: it recommends using `npx` which will fetch and execute code from the npm registry — running those commands executes remote code, so the user should verify the clawhub package (publisher, checksum, homepage) before running.
Install Mechanism
There is no install spec and no code files; nothing will be written to disk by the skill itself. This is the lowest-risk install profile.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The SKILL.md does not reference hidden env vars or secrets.
Persistence & Privilege
always is false and the skill does not request persistent or elevated presence. It does not modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: point you to search tools and directories for OpenClaw skills. Before running any suggested commands (notably any `npx clawhub ...` invocations), verify the clawhub package on npm (publisher, recent versions, homepage, and repository) because npx will fetch and run remote code. Also double-check the owner metadata mismatch in _meta.json vs. registry — confirm the publisher identity on clawhub.com or the registry page. If you only plan to read the guidance, there is no risk; if you plan to execute recommended commands, treat them like any third-party CLI and verify the source first.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cqykqj1eq2fm91w5wvas0hn83m4m9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔍 Clawdis

Comments