Codex Owner Move E2E
ReviewAudited by ClawScan on May 8, 2026.
Overview
This is a transparent maintainer test skill, but it tells an agent to publish, transfer ownership of, and delete a ClawHub skill using account and organization authority.
Do not install this unless you are a ClawHub maintainer intentionally validating owner migration. If you use it, run it only on a disposable test skill, confirm the exact slug and owners, and approve each publish, migration, and deletion step manually.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run against the wrong skill or account, it could change ownership or delete a ClawHub skill record.
These instructions direct high-impact registry actions: publishing, changing owner, and deleting a skill. The workflow is disclosed, but it lacks an explicit confirmation gate before those mutations.
Publish version 0.0.1... Publish version 0.0.2 with the OpenClaw owner selected and the migration opt-in enabled... Delete the temporary skill after validation completes.
Use only in a maintainer-controlled test context with a confirmed throwaway slug, explicit account selection, and human approval before each publish, migration, or delete action.
An agent following this skill may use the user's personal or organization publishing privileges to mutate ClawHub records.
The workflow requires personal publisher authentication and organization-owner authority. Those permissions are sensitive and could affect public or shared registry assets.
under the authenticated personal publisher... with the OpenClaw owner selected
Do not install unless you are an authorized maintainer; ensure credentials are scoped to the intended test account and organization.
A mistaken migration could have persistent effects across the skill's versions and associated metadata.
The owner migration is expected to preserve linked registry state, so a mistake could affect aliases, history, and audit context beyond a single version.
Existing version history, stats, aliases, and audit history should remain attached to the skill.
Verify the exact skill identifier and owner before migration, and limit the workflow to disposable test assets.