ClawHub

Clawhub Search

v1.0.0

ClawHub Skill Discovery and Search. Find, browse, and install OpenClaw Skills from ClawHub marketplace. Triggers: search skills, find skills, clawhub, instal...

0· 65·0 current·0 all-time
by@sky-lv
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the SKILL.md: it documents searching, browsing, recommending, and guiding installation of OpenClaw skills. Minor metadata omission: the SKILL.md lists Node.js 18+ and OpenClaw CLI as preconditions, but the registry metadata did not declare required binaries—this is a small inconsistency but not a functional mismatch.
Instruction Scope
Instructions stick to the marketplace use-case: calling ClawHub API endpoints, listing skills, and showing npx-based install/remove/sync commands. There are no instructions to read local files, access unrelated environment variables, or transmit unrelated data.
Install Mechanism
There is no install spec in the registry (instruction-only), which is low risk. The SKILL.md recommends using 'npx clawhub@latest', which will fetch and run code from the npm registry at runtime—this is expected but worth noting because npx executes remote package code.
Credentials
The skill declares no required env vars or credentials and the instructions do not request secrets. The SKILL.md references public API endpoints; it does not mention any API key requirement (if these endpoints require auth, that omission should be clarified).
Persistence & Privilege
The skill is user-invocable, not always-enabled, and does not request persistent or elevated privileges. Autonomous invocation is allowed by platform default (disable-model-invocation is false) but is not compounded by other risky requests.
Assessment
This skill appears to do what it says — help find and guide installing OpenClaw skills. Before using: (1) verify ClawHub URLs (https://clawhub.ai and api.clawhub.ai) are the official endpoints you expect; (2) be cautious running 'npx ...@latest' because npx will fetch and execute package code from the npm registry—prefer pinning a specific version if you can; (3) ensure your Node.js and OpenClaw CLI meet the stated preconditions; (4) if any ClawHub endpoints require authentication, confirm where credentials are stored and avoid entering secrets unless you trust the package. If you want tighter control, run installation commands yourself rather than allowing autonomous execution.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eyxvfjryp2r6pcan9dgjjy184msze

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments