ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

cli-hub

v1.0.1

Unified CLI gateway to search, install, authenticate, and invoke enterprise and AI platform tools (WeCom, DingTalk, Lark/Feishu, Dreamina) covering 91+ opera...

1· 103·0 current·0 all-time
byAgentrix@lxyd-ai

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lxyd-ai/cli-hub.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "cli-hub" (lxyd-ai/cli-hub) from ClawHub.
Skill page: https://clawhub.ai/lxyd-ai/cli-hub
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cli-hub

ClawHub CLI

Package manager switcher

npx clawhub@latest install cli-hub
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (unified CLI gateway for WeCom/DingTalk/Lark/Dreamina) aligns with the runtime instructions which describe searching, installing, authenticating, and invoking provider CLIs. However, the registry metadata lists 'Source: unknown' and no homepage while SKILL.md claims a PyPI package and a GitHub repo; this mismatch reduces confidence in provenance.
Instruction Scope
SKILL.md gives step-by-step CLI usage (doctor, install, auth, search, info, run) and keeps actions within the advertised domain of installing and invoking provider CLIs. It does instruct interactive authentication (browser/QR) which is expected, but there is also a recommendation to run an internet-fetched convenience script (curl | bash) — that expands scope to arbitrary remote code execution if followed.
!
Install Mechanism
Although the skill itself is instruction-only, SKILL.md recommends installing a PyPI package and provides a raw GitHub curl|bash convenience installer that 'internally runs pip'. The registry contains no install spec and metadata lacks homepage/source, so relying on the convenience script or unverified PyPI package is a higher-risk install pattern (remote code download and execution).
Credentials
The skill declares no required env vars, which is consistent with instruction-only design. However, the underlying CLIs the skill installs/authenticates will need provider credentials and will store/use them; SKILL.md does not enumerate which credentials or config paths may be created, so users should expect the skill to lead to multiple service credentials being provided interactively.
Persistence & Privilege
The skill is not always-installed and doesn't request elevated platform privileges in the registry. It is user-invocable and permits autonomous invocation by default (normal for skills). There is no evidence it modifies other skills or system-wide agent settings.
What to consider before installing
This skill appears to do what it says (a gateway that installs and runs provider CLIs), but take these precautions before installing or following its convenience script: 1) Verify the package and repo provenance — check the PyPI page and the GitHub repository named in SKILL.md (confirm owner, recent commits, and stars). The registry metadata currently does not show a homepage/source, which is a red flag. 2) Prefer isolated installs (pipx, virtualenv) rather than running curl | bash; avoid executing raw install scripts from unknown repos. 3) Understand that installing --all or running auth will cause multiple provider CLIs to be installed and will require you to supply or authorize credentials (browser/QR). Limit scope: install only the providers you need. 4) If you must use it in an automated/agent context, do not give it unattended network/credential access; require manual confirmation for interactive auth steps. 5) If you need higher assurance, request or inspect the actual PyPI package source or repository commit/tag and signature before trusting installs.

Like a lobster shell, security has layers — review code before you run it.

latestvk973d78x7hamvwxfdh2s8xexv5840p0a
103downloads
1stars
2versions
Updated 3w ago
v1.0.1
MIT-0
Agentrix@lxyd-ai
latest
Download

cli-hub — Unified CLI Gateway

One Skill to search and invoke all enterprise and AI creation tools (WeCom / DingTalk / Lark / Dreamina), covering 91+ tools.

Installation

Recommended (from PyPI, package signatures verified):

pip install agent-cli-hub     # pip
pipx install agent-cli-hub    # pipx (isolated env)
uv tool install agent-cli-hub # uv

PyPI: https://pypi.org/project/agent-cli-hub/ Source: https://github.com/agentrix-ai/clihub (MIT License)

Alternative (convenience script, internally runs pip from PyPI):

curl -sSL https://raw.githubusercontent.com/agentrix-ai/clihub/main/install.sh | bash

After installation, cli-hub is available as a command.

Mandatory Rules

  1. Never guess commands — Always cli-hub search to find the tool ID first.
  2. Check params before calling — Always cli-hub info <id> to confirm the parameter schema.
  3. On error, consult the "Error Handling" table below.

Standard Workflow

Follow Steps 1 → 2 → 3 → 4 strictly in order.

Step 1: Check Environment (required on first use)

cli-hub doctor

Based on output:

  • not installed → install the CLI
  • installed but not authenticated → run auth
  • All OK → skip to Step 2

Install underlying CLIs:

cli-hub install wecom              # WeCom
cli-hub install dingtalk           # DingTalk
cli-hub install lark               # Lark/Feishu
cli-hub install dreamina           # Dreamina AI
cli-hub install --all              # All providers
cli-hub install lark --timeout 300 # Increase timeout for slow networks

Authenticate (interactive, requires browser):

cli-hub auth wecom
cli-hub auth dingtalk
cli-hub auth lark
cli-hub auth dreamina              # Dreamina (terminal QR code login)
cli-hub auth --status              # Check all auth status

Step 2: Search Tools

cli-hub search "send message"
cli-hub search "create todo" --provider lark
cli-hub search "generate video" --provider dreamina
cli-hub search "meeting" --json     # Recommended for agents: JSON with input_schema

Step 3: Check Parameters

cli-hub info wecom.msg.send_message        # Table format
cli-hub info wecom.msg.send_message --json # Recommended for agents: full JSON Schema

Shows: parameter name, type, required (*), example, command template.

Step 4: Invoke Tool

Method A — JSON arguments (WeCom style):

cli-hub run wecom.msg.send_message --args '{"chat_type":1,"chatid":"user1","msgtype":"text","text":{"content":"hello"}}'

Method B — Flag arguments (DingTalk / Lark / Dreamina style):

cli-hub run lark.im.messages_send --chat-id oc_xxx --text "Hello"
cli-hub run dingtalk.todo.task_create --title "Write report" --executors userId
cli-hub run dreamina.generate.text2image --prompt "a cat portrait" --ratio 1:1

How to choose? cli-hub info <id> Example field shows the underlying CLI's argument style.

Utility Commands

CommandPurpose
cli-hub listList all providers
cli-hub list larkList all Lark tools
cli-hub list dingtalk --category todoFilter by category
cli-hub refreshRefresh schemas from installed CLIs
cli-hub add <binary> --display "Name"Add a new CLI provider

Decision Tree

User intent
├── Unsure which platform → cli-hub search "<description>"
├── Know platform, not tool → cli-hub list <provider>
├── Found tool ID → cli-hub info <id> → cli-hub run <id> [args]
├── "not installed" → cli-hub install <provider>
├── "not authenticated" → cli-hub auth <provider>
├── "Operation not found" → cli-hub search again
├── "timed out" → cli-hub install <provider> --timeout 300
└── Unsure about env → cli-hub doctor

Error Handling

ErrorCauseFix
not installedCLI not installedcli-hub install <provider>
not authenticatedNot authenticatedcli-hub auth <provider>
Operation not foundTypo in IDcli-hub search to find correct ID
No adapter registeredWrong provider namecli-hub list to see available names
timed out after NsTimeoutRetry with --timeout 300
Invalid JSONMalformed --args JSONCheck quotes and escaping
Underlying CLI errorWrong params or insufficient permissionscli-hub info <id> to check params

Supported Platforms

PlatformProviderToolsCoverage
WeCom (企业微信)wecom28Contacts, Todos, Meetings, Messages, Calendars, Docs, Smart Sheets
DingTalk (钉钉)dingtalk23Contacts, Groups, Calendar, Todos, Approvals, Attendance, Logs, Smart Sheets
Lark/Feishu (飞书)lark28Calendar, Messages, Docs, Drive, Bitable, Spreadsheets, Tasks, Wiki, Email, Meetings
Dreamina (即梦)dreamina12Text-to-Image, Text-to-Video, Image-to-Video, Multimodal Video, Upscale, Seedance 2.0

Notes

  • Authentication is interactive; the agent should prompt the user to complete browser authorization
  • For Dreamina, use dreamina login --headless (terminal QR code); generation consumes credits — warn the user
  • Dreamina tasks are async: after submit, use query_result --submit_id=<id> to check results
  • Search results are ranked by relevance; prefer the highest-scored tool
  • Invoke tools one at a time and confirm results before proceeding

Comments

Loading comments...