Skill v1.2.0
ClawScan security
ClawHub Publish Mother Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 9, 2026, 11:42 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill mostly does what it says (publishing to ClawHub) but contains inconsistencies and red flags — notably undocumented token handling and explicit instructions for bot-detection evasion — that warrant caution before installing or running it with real credentials.
- Guidance: This skill appears to perform publishing tasks as described, but take the following precautions before using it with real credentials:
  1. Verify the skill source — there is no homepage and the publisher identity is unknown.
  2. Do not paste long-lived tokens directly on a visible command line where other processes/users could see them; prefer secure environment variables or the CLI's recommended secure login flow.
  3. Be cautious that scripts print CLAWHUB_TOKEN and token-file information to stdout — avoid running these scripts in shared terminals or CI without sanitization.
  4. The SKILL.md explicitly recommends 'Camo Fox' stealth and residential proxies to evade bot detection — these techniques can be abused to bypass protections; understand their legality and ethical implications for your environment.
  5. If you decide to proceed, test with a disposable/test ClawHub token and in an isolated environment first.
  If you need higher assurance, ask the skill author for a provenance link (repository/homepage) and for confirmation that tokens are never transmitted off your machine.
Review Dimensions
- Purpose & Capability (ok): Name, description, SKILL.md, and scripts all focus on publishing OpenClaw skills with the clawhub CLI; the core capabilities (validate, publish, troubleshoot auth) align with the stated purpose.
- Instruction Scope (concern): Runtime instructions and scripts instruct use of the clawhub CLI, validation scripts, and a manual token login. They also reference and print environment variables and token files (CLAWHUB_TOKEN and ~/.clawhub/token) and recommend enabling 'Camo Fox' and residential proxies to evade bot detection. Printing token-related values to the console (scripts/troubleshoot-auth.sh) and recommending evasion techniques broaden scope beyond simple publishing and raise operational/security concerns.
- Install Mechanism (ok): No install spec (instruction-only) and only small local helper scripts are included, so nothing is downloaded or written to disk by an automated installer — this is lower-risk from an install perspective.
- Credentials (concern): Metadata lists no required env vars, but SKILL.md and scripts expect a ClawHub API token and reference CLAWHUB_TOKEN, BROWSERBASE_CAMO_FOX, and ~/.clawhub/token. The skill prints CLAWHUB_TOKEN and token file sizes to stdout. Requesting or exposing tokens without declaring them in metadata is an inconsistency and a potential secret-exposure risk.
- Persistence & Privilege (ok): The skill does not request persistent presence (always:false) or modify other skills or system settings. It does not request elevated privileges in the manifest.
