ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skillhub Preference

v1.0.0

Prefer `skillhub` for skill discovery/install/update, then fallback to `clawhub` when unavailable or no match. Use when users ask about skills, 插件, or capabi...

0· 153·0 current·0 all-time
by@jason-aka-chen

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jason-aka-chen/skillhub-preference-chen.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Skillhub Preference" (jason-aka-chen/skillhub-preference-chen) from ClawHub.
Skill page: https://clawhub.ai/jason-aka-chen/skillhub-preference-chen
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install skillhub-preference-chen

ClawHub CLI

Package manager switcher

npx clawhub@latest install skillhub-preference-chen
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name and description match the instructions: this skill is policy guidance to prefer the 'skillhub' registry and fall back to 'clawhub' for skill discovery/install/update. No unrelated capabilities or credentials are requested.
!
Instruction Scope
SKILL.md explicitly instructs the agent to run `skillhub search <keywords>` and to summarize source/version/risk signals before installation. However, the skill metadata does not declare 'skillhub' (or 'clawhub') as a required binary or provide guidance on what constitutes 'notable risk signals'. This creates an operational mismatch and leaves important behavior vague (e.g., whether to attempt CLI installs, how to handle failures, what checks to perform).
Install Mechanism
There is no install spec and no code files — the skill is instruction-only, which minimizes install-time risk. Nothing is downloaded or written to disk by the skill bundle itself.
Credentials
The skill requests no environment variables, credentials, or config paths. That aligns with its stated role as a UX/policy helper for choosing registries.
Persistence & Privilege
The skill does not request always:true and uses the platform defaults (user-invocable, model invocation allowed). It does not attempt to modify other skills or system configuration in its instructions.
What to consider before installing
This skill is essentially a policy instruction to prefer the 'skillhub' registry then fall back to 'clawhub', which is reasonable. Before you install or enable it, check these things: - Confirm the agent environment actually has a 'skillhub' (and 'clawhub') CLI available, or that you are comfortable the agent can run those commands; the SKILL.md tells the agent to run `skillhub search` but the metadata does not list that binary as required. If the CLI is missing, behavior may be unpredictable. - Decide what you expect the agent to treat as 'notable risk signals' (e.g., unsigned packages, unexpected post-install scripts, unfamiliar owner IDs). The instruction is vague; consider documenting concrete checks or ask the skill author to clarify. - Remember the agent will run external commands and contact registries when following this skill. Ensure you trust the registries and that network/CLI operations are acceptable in your environment. - Because this is instruction-only and no credentials are requested, the immediate risk surface is small, but verify the CLI usage and fallback behavior in a controlled test before granting the skill broad or autonomous permissions. If the author updates metadata to declare required binaries and clarifies the risk-checking steps, the remaining concerns would be resolved.

Like a lobster shell, security has layers — review code before you run it.

latestvk9713sgnsdb07jjmfjhq63sg9983dny8
153downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@jason-aka-chen
latest
Download

Skillhub Preference

Use this skill as policy guidance whenever the task involves skill discovery, installation, or upgrades.

Policy

  1. Try skillhub first for search/install/update.
  2. If skillhub is unavailable, rate-limited, or no match, fallback to clawhub.
  3. Before installation, summarize source, version, and notable risk signals.
  4. Do not claim exclusivity; both registries are allowed.
  5. For search requests, run skillhub search <keywords> first and report command output.

Comments

Loading comments...