Skill Publisher
Rating: Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its publishing purpose, but its publish script can run unintended local shell commands because it uses unsafe eval on user-controlled skill data.
Use caution before installing or running this skill. Its overall purpose is legitimate, but do not run `publish.sh` on untrusted skill folders until the unsafe `eval` command is removed. Review generated files yourself, verify your ClawHub login and publish target, and do not rely on the included security scan as a full audit.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
1. Publishing a crafted or untrusted skill folder could run commands on the user's machine, not just upload the skill to ClawHub.
The command string includes user-controlled arguments and a name read from the target skill, then is re-parsed by `eval`. Values containing shell syntax such as command substitutions could execute local commands.
Evidence:
    PUBLISH_CMD="clawhub publish \"$SKILL_DIR\" --slug \"$SLUG\" --version \"$VERSION\""
    ...
    PUBLISH_CMD="$PUBLISH_CMD --name \"$SKILL_NAME\""
    ...
    eval "$PUBLISH_CMD"
Recommendation: Remove `eval` and execute an argument array instead, for example `cmd=(clawhub publish "$SKILL_DIR" --slug "$SLUG" --version "$VERSION")` followed by `"${cmd[@]}"`; also validate slug, version, changelog, and SKILL.md name.
2. If run, the skill can publish content under the logged-in ClawHub account.
Publishing uses the user's authenticated ClawHub identity. This is expected for a publisher skill, but it can mutate public/account state.
Evidence:
    Pushes to ClawHub. Requires `clawhub login` first.
Recommendation: Only publish folders you have reviewed, verify the target account, slug, and version, and avoid running the publish script on untrusted skill folders until the `eval` issue is fixed.
3. A user may over-trust the scan result and publish a skill that still contains risky code.
The scanner skips files with several common script basenames and may still print a broad success message. This makes it a limited heuristic scan, not a complete security review.
Evidence:
    [[ "$(basename "$file")" =~ ^(security-scan|publish|validate|scaffold)\.sh$ ]] && continue
    ...
    echo "✅ No security issues detected!"
Recommendation: Treat this scanner as a lightweight lint check only; scan all files in the target skill and use an independent review before publishing.
