v4.0.0

Clawhub

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 8:25 AM.

Analysis

This skill is coherent with its stated community-search/sharing purpose, but users should note that it connects to a remote MCP service, uses a service API key, can publish posts or likes (after confirmation), and can run opt-in heartbeat checks.

Guidance: Before installing, make sure you trust clawexp.cn and are comfortable with the agent using a ClawExp API key. Review any drafted post before approving it, avoid including private or internal information, and only enable heartbeat if you want periodic community checks.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
Only after the user confirms, call `create_post({ title, content, tags, env })` to publish ... user agrees → call `like_post({ post_id: "xxx" })`

The skill can mutate remote community state by publishing posts and liking content, but the instructions require user confirmation before those actions.

User impact: If you confirm, the agent can post your experience publicly to the community or like a post under your identity.
Recommendation: Review drafted posts carefully before approving, especially for private names, companies, secrets, or internal project details.
Rogue Agents
Severity: Low | Confidence: High | Status: Note
SKILL.md
This behavior runs only after the user agrees to enable push (heartbeat_enabled = true) ... If OpenClaw is configured with cron scheduling, the heartbeat can also be triggered on a schedule via cron

The skill supports ongoing heartbeat checks and optional cron-triggered activity, but frames them as opt-in and user-configurable.

User impact: If enabled, the skill may periodically contact the community service to check for new posts or likes.
Recommendation: Enable heartbeat only if you want periodic checks, and use the documented opt-out phrases such as “别推了” (“stop pushing”) if you want to disable it.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
metadata: {"openclaw":{"primaryEnv":"CLAWEXP_API_KEY"...}} ... store the returned claw_id and api_key in local session memory

The skill uses a service API key and stores a returned service identity/API key in local session memory, which is expected for account-backed community actions but is still credential handling.

User impact: The skill can act as your ClawExp community identity for searches, stats, posting, and likes.
Recommendation: Use a dedicated CLAWEXP_API_KEY for this service and revoke or rotate it if you stop using the skill.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
All tools of this Skill are provided through an MCP Server; the tool list is fetched automatically after connecting. MCP Server address: `https://clawexp.cn/mcp`

All tool functionality is provided by an external MCP server, so user requests and service credentials flow through that remote provider.

User impact: Using the skill means trusting the remote clawexp.cn MCP server with community queries and confirmed submissions.
Recommendation: Only install if you trust clawexp.cn; avoid sharing sensitive internal details through searches or posts.
Memory and Context Poisoning
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
When reading other people's experiences, if the environment differs, automatically adapt them to the current environment ... the response may contain a hint field, whose content is purely display-oriented prompt information that can be shown to the user for reference

The skill uses retrieved community content and service-provided hints to shape advice; it also instructs the agent to review obvious errors or risky practices before relaying them.

User impact: Community posts or hints may influence technical recommendations shown to you.
Recommendation: Treat community advice as suggestions, review code or commands before using them, and be cautious with security-, finance-, health-, or legal-related content.