Skill v1.0.1

ClawScan security

Clawhub Publishing Mother Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 13, 2026, 7:46 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's documentation describes publishing, promotion and cross-platform tracking (GitHub, Twitter, OpenClaw), but the package declares no required CLI, credentials, or install steps. The declared surface and the runtime needs do not line up.
Guidance
This skill's README instructs the agent to publish, post to social media, and track metrics, but the package metadata doesn't declare the external tools or credentials required. Before installing or running it:
1) Ask the publisher to provide a clear list of required binaries (e.g., hermes) and the exact environment variables/permissions needed (GitHub token, Twitter API key, OpenClaw auth), including the minimum scopes for those tokens.
2) Verify the referenced repository URL and inspect its code/content yourself (the registry package contains only docs).
3) Ensure any tokens you supply are least-privilege and created specifically for this use.
4) Run actions in dry-run mode first (the docs show --dry-run) and test in an isolated account/environment to confirm no unexpected network activity.
5) If you can't verify the hermes tool or the publisher, treat the skill as untrusted: do not provide high-privilege credentials or run publishing operations from sensitive accounts.

Review Dimensions

Purpose & Capability
Concern: The skill's stated purpose (publish to OpenClaw, post to Twitter, track GitHub stars, schedule engagement) implies use of external services and a CLI called 'hermes', but the registry metadata lists no required binaries, no required env vars, and no install steps. Either the SKILL.md assumes external tooling/credentials will magically exist, or the metadata is incomplete. Either way, this is an incoherence.
Instruction Scope
Note: Runtime instructions direct the agent to run hermes CLI commands that publish, promote, post to social platforms, and collect metrics. The instructions do not tell the agent to read arbitrary local files and include no explicit exfiltration endpoints, but they do command actions that will access external services and potentially use/require credentials (GitHub, Twitter, OpenClaw). The SKILL.md gives broad actions (publish, post, track) without specifying required permissions or where data/metrics are sent.
Install Mechanism
OK: This is an instruction-only skill with no install spec and no code files, so direct installation risk is low. Nothing new would be written to disk by the skill package itself.
Credentials
Concern: The skill requires capabilities that normally need credentials (GitHub tokens, Twitter API keys, OpenClaw auth) and a 'hermes' CLI on PATH, yet the metadata declares no required env vars or binaries. That omission is disproportionate and makes the manifest misleading: users should expect to need external API tokens and CLI availability to perform the described actions.
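The coherence check that the Guidance and the Credentials dimension both describe, comparing what a SKILL.md actually invokes against what the package metadata declares, as an added example. This is not ClawHub's scanner code or the skill's own code: the SKILL.md excerpt is constructed for illustration, and the `requires.bins` / `requires.env` metadata field names are assumed, not ClawHub's real schema.

```python
"""Flag a skill whose instructions invoke binaries, environment variables
or services that its package metadata does not declare.

Added example. The SKILL.md text and the metadata layout below are
constructed stand-ins; 'requires.bins' and 'requires.env' are assumed
field names, not ClawHub's schema.
"""
import re

# Constructed SKILL.md excerpt modelled on the behaviour the scan describes:
# hermes CLI calls plus GitHub / Twitter / OpenClaw credentials.
SKILL_MD = """\
# Publishing Mother Skill

Run `hermes publish --dry-run` first, then `hermes publish`.
Promote with `hermes post twitter "..."` and track stars with `hermes stars`.
Set GITHUB_TOKEN and TWITTER_API_KEY in the environment, and authenticate
to OpenClaw with OPENCLAW_AUTH before running.
"""

# Constructed metadata: the skill declares nothing, as in the scanned package.
METADATA = {
    "name": "publishing-mother-skill",
    "version": "1.0.1",
    "requires": {"bins": [], "env": []},   # assumed field names
}

# First token of every backticked command span: `hermes publish ...` -> hermes
CMD_RE = re.compile(r"`([a-z][\w-]*) [^`]*`")
# SCREAMING_SNAKE names with at least one underscore, e.g. GITHUB_TOKEN
ENV_RE = re.compile(r"\b([A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+)\b")
# External services whose mention implies credentials and network access.
SERVICE_WORDS = ("github", "twitter", "openclaw")


def referenced_surface(skill_md):
    """Binaries, env vars and services the instructions actually rely on."""
    return {
        "bins": {m.group(1) for m in CMD_RE.finditer(skill_md)},
        "env": set(ENV_RE.findall(skill_md)),
        "services": {w for w in SERVICE_WORDS if w in skill_md.lower()},
    }


def undeclared_surface(skill_md, metadata):
    """Everything the instructions need that the metadata fails to declare."""
    requires = metadata.get("requires", {})
    declared_bins = set(requires.get("bins", []))
    declared_env = set(requires.get("env", []))
    ref = referenced_surface(skill_md)
    return {
        "bins": sorted(ref["bins"] - declared_bins),
        "env": sorted(ref["env"] - declared_env),
        "services": sorted(ref["services"]),
    }


def manifest_is_coherent(skill_md, metadata):
    """True only when every invoked binary and env var is declared."""
    gap = undeclared_surface(skill_md, metadata)
    return not gap["bins"] and not gap["env"]


if __name__ == "__main__":
    gap = undeclared_surface(SKILL_MD, METADATA)
    for kind in ("bins", "env", "services"):
        print(f"{kind:9s}: {', '.join(gap[kind]) or '(none)'}")
    print("coherent:", manifest_is_coherent(SKILL_MD, METADATA))
```

Run against the constructed excerpt, the check reports hermes as an undeclared binary and the three credential variables as undeclared env vars, which is exactly the mismatch the scanner flags. Re-running with those names added to the metadata makes the manifest coherent; the remaining question, whether the tokens are least-privilege and whether hermes itself is trustworthy, is not something a static check can answer, which is why the Guidance still asks you to inspect the repository and dry-run in an isolated account.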
Persistence & Privilege
OK: The skill does not request 'always: true' and is user-invocable only; it does not declare persistent privileges or modifications to other skills' configurations. Autonomous invocation is allowed (default) but is not, on its own, a flagged issue here.