ClawHub

Decomposes complex user requests into executable subtasks, identifies required capabilities, searches for existing skills at skills.sh, and creates new skills when no solution exists. This skill should be used when the user submits a complex multi-step request, wants to automate workflows, or needs help breaking down large tasks into manageable pieces.

v1.0.0

Decomposes complex user requests into executable subtasks, identifies required capabilities, searches for existing skills at skills.sh, and creates new skills when no solution exists. This skill should be used when the user submits a complex multi-step request, wants to automate workflows, or needs help breaking down large tasks into manageable pieces.

10· 6.6k·52 current·57 all-time
by@10e9928a
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe decomposition, capability mapping, skill discovery and generation; the SKILL.md, README, templates, and capability reference all align with that purpose. No unrelated binaries, env vars, or config paths are requested.
Instruction Scope
Instructions stay within the declared purpose (decompose tasks, map capabilities, run searches with the Skills CLI, and scaffold new skills). They do instruct the agent/operator to run npx skills find/add/init which will download and install third‑party skill code when used — this is coherent with the skill's role but increases execution/installation scope at runtime and requires care (see user guidance). The instructions do not direct reading arbitrary system files or undeclared env vars.
Install Mechanism
Instruction-only skill with no install spec and no included code to execute. The skill itself will not write files or fetch remote archives. Risk comes from following its recommended npx commands later to add other skills (this is expected for the purpose).
Credentials
Requires no environment variables or credentials. Example workflows mention using service credentials (email, Slack webhooks) only as examples; the skill does not request or require unrelated secrets.
Persistence & Privilege
always:false and no requests to modify other skills or system-wide agent settings. Normal autonomous invocation is allowed by default (not flagged alone).
Assessment
This skill appears internally consistent and is instruction-only, but it recommends using the Skills CLI (npx skills find/add/init) to discover and install other skills. Installing those discovered/generated skills will run third‑party code and may prompt for service credentials (Slack webhooks, email logins, etc.). Before following its install suggestions: (1) require user confirmation before the agent runs npx commands or installs new skills, (2) review any discovered/generated skill code and its README for required permissions and secrets, (3) avoid supplying sensitive credentials to newly installed skills without auditing them, and (4) restrict autonomous installs if you don't want the agent to fetch/execute external packages without explicit approval.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fy2aw5q62zk40w24q5targ980fdaw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments