ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clawhub Skill Audit

v1.0.0

Audit locally installed skills against ClawHub: detect version drift, find new publish candidates, review security flags, and triage ownership conflicts. Use...

0· 91·0 current·0 all-time
byNissan Dookeran@nissan

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for nissan/clawhub-skill-audit.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Clawhub Skill Audit" (nissan/clawhub-skill-audit) from ClawHub.
Skill page: https://clawhub.ai/nissan/clawhub-skill-audit
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: clawhub, python3
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install clawhub-skill-audit

ClawHub CLI

Package manager switcher

npx clawhub@latest install clawhub-skill-audit
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (audit local ClawHub skills) aligns with the actions in SKILL.md: it calls the clawhub CLI, compares local SKILL.md versions, checks registry metadata, and runs local compliance checks. Requesting clawhub and python3 binaries is reasonable for this purpose. However, the playbook expects several local helper scripts and a specific ~/.openclaw workspace layout that are not declared in the skill requirements or bundled with the skill, which is an implementation mismatch.
!
Instruction Scope
The SKILL.md instructs the agent to execute hard-coded absolute paths (e.g., /Users/loki/.pyenv/... and ~/.openclaw/workspace/scripts/...) and to read local skill directories (~/.openclaw/workspace/skills/*) and SKILL.md files. That behavior is expected for a local-audit tool, but the hard-coded user path and missing helper scripts are problematic: the instructions will fail for other users, and running unknown local scripts (drift-detector.py, clawhub_audit.py, publish-skill.sh) without review could execute arbitrary actions (file modification, publishing). The playbook also suggests copying and republishing skill directories under new slugs — an action that requires careful access/ownership checks and is potentially destructive if done blindly.
Install Mechanism
There is no install spec (instruction-only), so nothing is written to disk by the skill itself. This minimizes installer risk. However, the playbook depends on local scripts that must already exist on disk; those are not provided or declared.
Credentials
The skill declares no required environment variables and only requires the clawhub CLI and python3. That is reasonable. However, the playbook will call 'clawhub inspect' and 'clawhub publish' which rely on the user's clawhub configuration and credentials (not mentioned). The instructions do not declare or ask for these credentials, nor do they warn about required clawhub auth context, which is a proportionality/documentation gap. The playbook also reads files from the user's home (~/.openclaw), so filesystem access is required but not explicitly described in the 'requires' section.
Persistence & Privilege
The skill does not request always:true and is user-invocable; it does not request elevated platform privileges. It does instruct use of local scripts and running 'clawhub publish', which have side effects, but the skill itself does not demand persistent presence or special platform privileges.
What to consider before installing
This SKILL.md appears to be a legitimate audit playbook, but proceed cautiously. Before running any commands: 1) Inspect the local scripts referenced (drift-detector.py, clawhub_audit.py, publish-skill.sh) to confirm what they do — they are not bundled with the skill. 2) Remove or adapt hard-coded absolute paths (e.g., /Users/loki/...) to your environment. 3) Be aware 'clawhub inspect' and 'clawhub publish' use your clawhub credentials/config — ensure you have proper ownership and authorization before publishing or forking a slug. 4) Run in a safe/test environment first (or with dry-run options) to avoid accidental publishes, overwrites, or data leakage. If you cannot audit the helper scripts, treat the playbook as untrusted.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔍 Clawdis
Binsclawhub, python3
latestvk973108y7key25h76b6969jgt983rmv9
91downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Nissan Dookeran@nissan
latest
Download

ClawHub Skill Audit

Maintain the health of your published ClawHub skills: detect drift, find new candidates, review security flags.

When to use

  • Weekly (Monday 09:00 AEST — automated via launchd)
  • Any time Nissan asks "do we need to update our ClawHub skills?"
  • Before a major release that ships new skills
  • When a skill shows unexpected behaviour that might have been fixed in a newer ClawHub version

Tools required

  • clawhub CLI (npm global: ~/.npm-global/bin/clawhub)
  • scripts/skill-lifecycle/drift-detector.py — version comparison
  • scripts/clawhub_audit.py — local security compliance check
  • scripts/skill-lifecycle/publish-skill.sh — publish gate

Full playbook

See playbooks/clawhub-skill-lifecycle/PLAYBOOK.md for complete step-by-step.

Quick audit (3 commands)

1. Check drift (local vs published)

/Users/loki/.pyenv/versions/3.14.3/bin/python3 \
  ~/.openclaw/workspace/scripts/skill-lifecycle/drift-detector.py

2. Check for hidden / flagged skills

for skill in agent-hive llm-eval-router fastapi-studio-template observability-lgtm \
  insight-engine fact-checker agent-budget-governance demo-precacher \
  gateway-env-injector mistral-agents-orchestrator multi-agent-pipeline \
  tweet-humanizer tweet-pipeline notion-content-pipeline security-auditor; do
  result=$(clawhub inspect "$skill" 2>&1 | grep -E "Owner:|Latest:|hidden|security|flag|pending")
  echo "$skill: $result"
done

Look for: hidden while security scan is pending or any flag/warning text.

3. Find new candidates (never published)

for d in ~/.openclaw/workspace/skills/*/; do
  name=$(basename "$d")
  has_version=$(grep -m1 "^version:" "$d/SKILL.md" 2>/dev/null | wc -c)
  published=$(clawhub inspect "$name" 2>/dev/null | grep "Owner: nissan")
  if [ "$has_version" -gt 0 ] && [ -z "$published" ]; then
    ver=$(grep -m1 "^version:" "$d/SKILL.md" | awk '{print $2}' | tr -d "'\"")
    echo "CANDIDATE: $name @ $ver"
  fi
done

Publishing a skill update

# 1. Bump version in SKILL.md frontmatter
# 2. Add CHANGELOG.md entry
# 3. Run publish gate (checks version + changelog)
bash ~/.openclaw/workspace/scripts/skill-lifecycle/publish-skill.sh <skill-name>
# 4. Publish
clawhub publish ~/.openclaw/workspace/skills/<skill-name>

Fixing a security-flagged skill

  1. Run local compliance check:
/Users/loki/.pyenv/versions/3.14.3/bin/python3 \
  ~/.openclaw/workspace/scripts/clawhub_audit.py <skill-name>

  1. Fix the flagged issues (typically: undeclared env vars, missing network.outbound, suspicious patterns)

  2. Bump patch version, add CHANGELOG entry, republish.

Ownership conflicts

If clawhub publish returns Error: Only the owner can publish updates:

  • The skill was installed from ClawHub and belongs to another account
  • Do NOT try to re-publish under the same slug
  • Options: fork as reddi-<name>, or keep local-only
  • To fork: copy skill dir → rename to reddi-<name> → update name: in SKILL.md → publish new slug

Known nissan-owned slugs (as of 2026-03-25)

agent-hive, llm-eval-router, fastapi-studio-template, observability-lgtm,
insight-engine, fact-checker, agent-budget-governance, demo-precacher,
gateway-env-injector, mistral-agents-orchestrator, multi-agent-pipeline,
tweet-humanizer, tweet-pipeline, notion-content-pipeline

Known community skills with local improvements

SkillPublished ownerRecommended action
humanizerbiostartechnologyFork as reddi-humanizer
self-improving-agentpskoettAudit diff, then fork or local-only

Gotchas

  • clawhub explore returns empty — use clawhub inspect <slug> per skill
  • _meta.json in skill dir = drift tracker. Missing = drift detector can't compare. After publish, clawhub writes this file.
  • Security scan is usually quick (minutes) but can take hours. Hidden ≠ failed — wait and re-check.
  • Rate limit: max 5 new skill publishes per hour. Batch in groups of 5, wait ~60s between groups.
  • ClawHub ahead of local: fastapi-studio-template, insight-engine, fact-checker, demo-precacher show higher published versions than local. Run clawhub update <slug> to pull those down and sync.

Comments

Loading comments...