Clawhub Search & Verify Review
Audited by ClawScan on May 10, 2026.
Overview
The skill has a plausible search-and-approval purpose, but it overstates its safety and verification: the included script runs CLI commands, writes a log, and derives its trust label mainly from download counts.
Review this skill before use. Its goal is reasonable, and it does not show exfiltration or automatic installation, but its safety claims do not match the included script. If you use it, assume it can run the local clawhub CLI, use your logged-in Clawhub session, and write a search log; do not rely on the 'Trusted' label without an independent security review of the target skill.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may believe the skill cannot run commands or write files when it actually can run a local CLI command and store search terms.
This safety claim is contradicted by cli-wrapper.sh, which runs the clawhub CLI through Bash and appends to logs/clawhub-search.log. Users could overestimate the sandboxing and lack of side effects.
Runs in sandboxed session with no filesystem write or exec capability ... Tags: safe, automation, verify, no-shell, trusted
Do not rely on the no-shell/no-write claims unless the documentation and metadata are corrected to match the actual helper behavior.

A popular but unsafe skill could be labeled as trusted, encouraging installation based on a weak signal.
The advertised verification/risk signal is based only on download counts, not on a security review, permissions, provenance, or the ClawScan-style risk details implied by the skill's purpose.
# Risk score: low if downloads > 1000, medium if > 100, high if < 100 ... RISK="✅ Trusted"
Treat the displayed risk labels as popularity hints only and independently review a skill's permissions, provenance, and security findings before approving installation.

If you approve an install, a new skill may gain capabilities in your OpenClaw environment.
The skill is explicitly designed to lead to installing other skills through a CLI after user approval. That is purpose-aligned, but it is still a high-impact action because it changes the agent environment.
NEVER installs without your yes confirmation ... only read-only clawhub search and install via CLI
Only approve an exact slug/version after reviewing the target skill's details and risk information outside this wrapper's popularity-based label.

The skill may fail unexpectedly or rely on local tooling/authentication that was not declared up front.
The helper requires the clawhub CLI and a logged-in session, but the registry metadata lists no required binaries, environment variables, or primary credential.
RESULTS=$(clawhub search "$SEARCH_TERM" --limit 3 2>/dev/null) ... Run clawhub login first.
Require the publisher to declare the clawhub CLI and login/session dependency in the metadata.

Approved actions may use your Clawhub account authority to search or install skills.
Using the logged-in clawhub CLI means actions occur under the user's existing Clawhub account/session permissions, even though no credential requirement is declared.
Error: clawhub CLI not installed or logged in. Run clawhub login first.
Use a properly scoped account/session and avoid approving installs unless you understand which account permissions will be used.

Private or sensitive search terms could remain in a local log file.
The helper persists user search terms locally. This is disclosed in general as logging, but it contradicts the no-filesystem-write claim and may retain private search intent.
LOG_FILE="logs/clawhub-search.log"; echo "$(date -u): SEARCH: $SEARCH_TERM" >> "$LOG_FILE"
Avoid entering sensitive terms, or configure/clear the log path if you use the skill.
