ClawHub

E2E e2e-repro2-1772127134

v1.0.0

Performs deterministic end-to-end tests to validate ClawHub CLI publish lifecycle commands and verify registry metadata accuracy.

0· 443·0 current·0 all-time
by@vacinc
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's name and description say it runs deterministic E2E tests for the ClawHub CLI publish lifecycle, yet it declares no required binaries, no credentials, and no config paths. A publish/install/update/delete test normally needs CLI tooling, access to a registry, or at least concrete command examples; the absence of these is inconsistent with the stated purpose.
!
Instruction Scope
SKILL.md tells the agent to "Run the listed command examples" and "Confirm output includes expected status messages," but there are no listed commands, no expected outputs, and no guidance about environment or targets. The instructions are overly vague and grant the agent broad discretion to infer or execute commands, which increases risk.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That is low-risk from an installation perspective (nothing is downloaded or written to disk).
!
Credentials
For a ClawHub publish lifecycle test, one would expect required environment variables (registry credentials, CLI config paths) or at least a declared dependency on the ClawHub CLI. The skill declares none, which is disproportionate and suggests either missing metadata or an attempt to obscure needed credentials/targets.
Persistence & Privilege
The skill is not always-included and allows normal model invocation. It does not request persistent system-wide changes in its metadata; no privilege escalation flags are present.
What to consider before installing
Do not install or run this skill until the author provides concrete command examples, the exact CLI/tools it will run, and any required environment variables or credentials. Ask for: (1) the full list of commands the skill will execute, (2) expected output messages for verification, and (3) precise environment or registry credentials it needs. If you must test now, run the commands manually in an isolated environment (container or throwaway VM) and avoid giving credentials to the skill until you confirm its behavior. If the skill will be allowed to run autonomously, limit its permissions and monitor network and registry activity.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e2y0t342n242wqry18azm5n81xzjp
443downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@vacinc
latest
Download

e2e-repro2-1772127134

Purpose

Provides a deterministic end-to-end test skill for the ClawHub publish lifecycle.

When To Use

  • validating CLI publish/install/update/delete behavior
  • verifying registry and metadata round-trips

Usage

  1. Install the skill.
  2. Run the listed command examples.
  3. Confirm output includes expected status messages.

Notes

This skill is intentionally simple but includes enough concrete guidance to pass quality checks.

Comments

Loading comments...