Clawhub auto publisher
PassAudited by ClawScan on May 10, 2026.
Overview
This skill is purpose-aligned and the included code only scans local OpenClaw skill folders and simulates publishing, but users should notice it is intended to bulk-publish skills using a ClawHub API key.
Before installing or running, use --dry-run to see which local skills would be affected, only provide a ClawHub API key you trust the script to use, and be aware that the current source appears to simulate uploads rather than actually call the ClawHub API.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the publish path could submit multiple local skills to the marketplace if the API upload is implemented; in the provided code it only prints an upload message.
The script loops over all discovered local skills and would upload every ready skill when not in dry-run mode. This matches the stated publisher purpose, but bulk publishing is a high-impact action users should review.
skills = self.scan_skills() ... if skill['ready'] and not dry_run:\n self._upload_to_clawhub(skill)
Run with --dry-run first, review the listed skills, and prefer an explicit per-skill selection or confirmation before enabling real uploads.
Whoever runs the script with a valid API key may have authority to publish under the associated ClawHub account.
The skill asks for a ClawHub API key, which is expected for publishing to a marketplace account. The provided code reads the key but does not show logging, hardcoding, or unrelated transmission.
export CLAWHUB_API_KEY=your_key_here
Use a scoped API key if available, avoid sharing it, and unset or rotate it if you no longer need this publisher.