ClawHub

ClawHub Publisher

v0.1.1

Use the bundled ClawHub Publisher CLI to validate, prepare, zip, and publish OpenClaw skills to ClawHub with clearer validation, cleaner packaging, and safer...

0· 75·0 current·0 all-time
by@sam-k-migz
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description match the included code and SKILL.md. The code implements validation, prepare, zip, and a publish step that calls the external 'clawhub' CLI — all expected for a publisher tool. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and README clearly instruct building and running the bundled CLI. The implementation reads the target skill folder, performs validation, copies/prepares output under .clawhub-publisher, optionally creates zips, and uses execa to run the external 'clawhub publish' command. These actions are within the described scope. Note: the tool will execute the external 'clawhub' CLI (if present) and will write files into the working directory.
Install Mechanism
No install spec is included in the registry metadata (instruction-only). The repository includes source and a package.json but the skill does not request any automatic download-from-URL or installs itself. Build/install steps in docs are standard for a Node CLI (npm install; npm run build).
Credentials
The skill declares no required env vars, credentials, or config paths. The code uses execa to invoke external commands but does not request secrets. This is proportionate for a tool that calls an externally-authenticated 'clawhub' CLI.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It writes prepared output under a local directory (.clawhub-publisher) and creates zip/report artifacts — expected behavior for a packaging/publishing tool.
Assessment
This skill appears to be what it claims: a CLI to validate/prepare/package and then call your local 'clawhub' CLI to publish. Before using it: (1) review the included src/index.ts (already present) if you want to confirm behavior; (2) ensure you are logged into the official clawhub CLI before running publish (the tool calls that CLI via execa); (3) run validation/prepare first and inspect .clawhub-publisher and publish-report.json to verify output before allowing a publish; (4) avoid running publish --yes in directories you don't control or as a privileged user — the tool will run the external publish command which can publish files to ClawHub. If you do not have or trust the clawhub CLI, use --dry-run or the tool's validation/prepare commands only.

Like a lobster shell, security has layers — review code before you run it.

clivk97e6ran8cjzkqn3g7dyc7y0z183r24clatestvk9720q6w983m6k3d78wttz88b583r5rqpublishervk97e6ran8cjzkqn3g7dyc7y0z183r24c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments