ClawHub

Skill Publisher Verifier

v1.1.1

Check a ClawHub publisher's trust score before installing their skill. Returns TRUSTED, ESTABLISHED, NEW, or FLAGGED based on public signals. Free taster — f...

0· 162·0 current·0 all-time
by@ordo-tech

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ordo-tech/skill-publisher-verifier.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Skill Publisher Verifier" (ordo-tech/skill-publisher-verifier) from ClawHub.
Skill page: https://clawhub.ai/ordo-tech/skill-publisher-verifier
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install skill-publisher-verifier

ClawHub CLI

Package manager switcher

npx clawhub@latest install skill-publisher-verifier
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's name/description match what the SKILL.md and README instruct: fetch public ClawHub profiles and run web searches to produce a trust score. Required tools (web_fetch, web_search) are appropriate and no extra credentials or unrelated binaries are requested.
Instruction Scope
Instructions confine actions to fetching ClawHub profile pages and running web searches. One minor documentation inconsistency: the lite SKILL.md/free docs state only 3 free signals (no install volume), while SKILL-FULL describes additional signals (installs, stars, associations) that may rely on privileged or aggregated data not available from a single public profile; this is a product/feature distinction rather than an evidence of malicious behavior.
Install Mechanism
No install spec and no code files — instruction-only skill. No downloads or archive extraction are present, so there is no install-time code risk.
Credentials
The skill requires no environment variables or credentials. The requested access (network/web fetch and search) is proportionate to the stated purpose of verifying public publisher signals.
Persistence & Privilege
The skill does not request permanent presence or elevated privileges (always is false). It does not modify other skills or system configuration. Autonomous invocation is allowed by default but is not combined with any broad credential access.
Assessment
This skill is instruction-only and uses only public ClawHub profile pages plus web searches to produce a trust label; it does not ask for credentials or install code. Before relying on it: (1) understand the free vs paid signal gap — the free version only checks 3 signals and may return NEW when data is incomplete; (2) review any FLAGGED findings the agent surfaces manually (follow links) before installing a skill; (3) ensure your agent's web_fetch/web_search tools are trusted and network access is intentionally enabled; and (4) treat its output as advisory rather than definitive, especially when the skill reports NEW due to missing data or network errors.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cve7hzjcpz0n677s639z24984gp9m
162downloads
0stars
3versions
Updated 2w ago
v1.1.1
MIT-0
@ordo-tech
latest
Download

What this skill does

Before installing a skill, check who published it. This skill fetches the publisher's public ClawHub profile and returns a trust score with a plain-English summary.

Signals included (free version):

  • ✅ Skills published (catalogue size)
  • ✅ Account age
  • ✅ Flagged or deleted skills

Not included (full version — Security Pack):

  • Total install volume across catalogue
  • Stars and community endorsement signals
  • External flag detection (forum reports, ClawHavoc-era incidents)
  • Known associations with banned publishers
  • Automated cross-referencing with co-author/fork relationships

Get the full signal set → ClawHub Security Pack

Trust scores

ScoreMeaning
TRUSTEDStrong catalogue, long track record, no flags
ESTABLISHEDActive author, reasonable history
NEWRecent account or thin catalogue — proceed with caution
FLAGGEDKnown flags, deleted skills, or suspicious activity

Usage

"Check @rapid-skills-99 before I install their skill" "Verify the publisher of clawhub.com/skills/some-skill" "Is @ordo-tech safe to install from?"

Output format

Publisher: @{handle}
Trust Score: TRUSTED | ESTABLISHED | NEW | FLAGGED

Signals (free — 3/7):
- Skills published: {n}
- Flagged/deleted skills: {n}
- Account age: {n} months

Summary: {1–2 sentence verdict}
Recommendation: Install / Install with caution / Do not install

---
*Full 7-signal check: https://theagentgordo.gumroad.com/l/clawhub-security-pack*

Requirements

  • web_fetch — to retrieve publisher profile from clawhub.com
  • web_search — secondary check for external flags
  • No API keys required. Uses public profile data only.

Support

https://clawhub.com/@ordo-tech | Full Security Pack: https://theagentgordo.gumroad.com/l/clawhub-security-pack

Comments

Loading comments...