ClawHub Skill Publisher Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its publishing purpose, but its batch sync and dry-run behavior can use a ClawHub account token and perform broader actions than the safety wording suggests.
Use this only if you intend the agent to publish to ClawHub. Review the target directory before batch sync, run previews knowing they may still log in, avoid `--skip-preflight`, protect `~/.openclaw/.env`, use a scoped token if available, and keep the registry set to trusted ClawHub domains.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken root path or unreviewed local skill could be uploaded or version-bumped in bulk.
The batch workflow syncs every skill under the chosen root and, once authenticated, can bump their versions. The batch script contains neither the secret/CJK preflight checks that the single-skill publish script runs nor a confirmation step before this bulk action.
ROOT="${HOME}/.openclaw/workspace/skills" ... cmd=(clawhub sync --root "$ROOT" --all --bump "$BUMP" --tags "$TAGS") ... "${cmd[@]}"
Run `--dry-run` first, restrict `--root` to a reviewed directory, and add the same preflight checks or an explicit confirmation gate to the batch sync path.
A user expecting a no-side-effect preview may still authenticate to ClawHub and create or reuse a privileged publishing session.
`ensure_authenticated` runs before the dry-run branch, and that function can execute `clawhub login --token "$CLAWHUB_TOKEN" --no-browser`. This means a dry run can still use the account token/session even though the docs describe dry-run as only printing or previewing.
ensure_authenticated
cmd=(clawhub publish "$SKILL_PATH" ...)
if [[ "$DRY_RUN" == "true" ]]; then printf '[dry-run] '
Move dry-run handling before authentication, or clearly document that dry-run still logs in. Use a scoped, rotatable token and only point `--registry` at trusted ClawHub domains.
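An added example of the ordering this remediation calls for, written for this review and not taken from the skill's scripts: the dry-run gate is evaluated before `ensure_authenticated`, so a preview never reaches `clawhub login`. The `clawhub publish` and `clawhub login --token ... --no-browser` invocations, `CLAWHUB_TOKEN` and `DRY_RUN` are the names the audit cites; `publish_skill`, its exit codes and the `clawhub.example` registry pattern are this example's own placeholders, since the audit does not name the trusted domains.

```bash
#!/usr/bin/env bash
# Added example, not the skill's own script: a publish wrapper that decides the
# dry-run case before it touches the ClawHub session, so `--dry-run` never runs
# `clawhub login`. The clawhub subcommands, CLAWHUB_TOKEN and DRY_RUN come from
# the review; the function names and TRUSTED_REGISTRY_RE are assumptions.
set -euo pipefail

# Registries a publish may target. Placeholder pattern (assumption): replace
# with the real trusted ClawHub domains, which the audit does not name.
TRUSTED_REGISTRY_RE='^https://([a-z0-9-]+\.)?clawhub\.example$'

# Logs in with the account token. Only the real publish path may call this.
ensure_authenticated() {
  : "${CLAWHUB_TOKEN:?CLAWHUB_TOKEN must be set for a real publish}"
  clawhub login --token "$CLAWHUB_TOKEN" --no-browser
}

# publish_skill SKILL_PATH REGISTRY
# Exit codes: 0 published (or previewed), 2 untrusted registry.
# With DRY_RUN=true the command is printed and nothing else happens: no login,
# no token use, no session created.
publish_skill() {
  local skill_path="$1" registry="$2"
  if ! [[ "$registry" =~ $TRUSTED_REGISTRY_RE ]]; then
    printf 'refusing to publish to untrusted registry: %s\n' "$registry" >&2
    return 2
  fi
  local cmd=(clawhub publish "$skill_path" --registry "$registry")
  # Dry-run gate comes first, before any authentication.
  if [[ "${DRY_RUN:-false}" == "true" ]]; then
    printf '[dry-run] %s\n' "${cmd[*]}"
    return 0
  fi
  ensure_authenticated
  "${cmd[@]}"
}

# Safe demonstration: a preview that needs neither a token nor the clawhub CLI.
DRY_RUN=true publish_skill "${HOME:-/tmp}/.openclaw/workspace/skills/my-skill" https://clawhub.example
```

The registry check sits before both gates so that neither a preview nor a real publish can be pointed at an untrusted host; the token is only read inside `ensure_authenticated`, which the dry-run path never reaches.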
Users may rely on advertised safeguards and accidentally sync skills containing secrets or disallowed content.
The safety wording broadly suggests that publishing is protected by preflight checks, but the supplied batch sync script runs `clawhub sync --all` directly and does not implement the checks that wording describes. This overstates the protection users get during bulk sync.
Runs preflight checks before publish ... Default policy blocks common secret patterns before publishing ... Batch sync local skills
Clarify that preflight checks apply only to the single-skill publish path unless batch sync is updated to run the same checks.
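One way to give the batch path the protection the single-skill path advertises, serving both the batch-sync finding above and this one. This is an added example written for this review, not the skill's own script: every skill under `--root` is scanned for secret patterns and CJK text, nothing is synced if any skill fails, `--dry-run` only prints the command, and a real `clawhub sync --all` additionally needs an explicit `CONFIRM=yes`. The `clawhub sync --root ... --all --bump ... --tags ...` command is from the excerpt above; the secret patterns, the CJK byte-range heuristic, `CONFIRM`, the function names and the exit codes are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not the skill's own script: a batch-sync wrapper that runs a
# per-skill preflight (secret patterns and CJK text) over every skill under
# ROOT and refuses `clawhub sync --all` unless the operator confirms. The sync
# command and DRY_RUN come from the review; the patterns, the CJK heuristic,
# CONFIRM=yes and the function names are this example's assumptions.
set -euo pipefail

# Illustrative secret patterns for `grep -E` (assumption: the skill's real
# default policy is not reproduced on the page).
SECRET_PATTERNS=(
  'AKIA[0-9A-Z]{16}'                            # AWS access key id
  '-----BEGIN( [A-Z]+)? PRIVATE KEY-----'       # PEM private key
  'ghp_[A-Za-z0-9]{36}'                         # GitHub classic PAT
  "(api_key|apikey|secret|token|password)[[:space:]]*[:=][[:space:]]*[\"']?[A-Za-z0-9_./+=-]{16,}"
)

# preflight_skill DIR: prints one line per hit, returns 1 on any hit, else 0.
preflight_skill() {
  local dir="$1" rc=0 f pat
  while IFS= read -r -d '' f; do
    for pat in "${SECRET_PATTERNS[@]}"; do
      if grep -qE "$pat" "$f"; then
        printf '%s: matches secret pattern %s\n' "$f" "$pat"
        rc=1
      fi
    done
    # CJK heuristic: in the C locale, UTF-8 lead bytes 0xE4..0xE9 encode
    # U+4000..U+9FFF, which contains the CJK Unified Ideographs block.
    if LC_ALL=C grep -q $'[\xe4-\xe9]' "$f"; then
      printf '%s: contains CJK text\n' "$f"
      rc=1
    fi
  done < <(find "$dir" -type f -print0)
  return "$rc"
}

# batch_sync ROOT BUMP TAGS
# Exit codes: 0 synced or previewed, 1 preflight failed (nothing synced),
# 3 confirmation withheld. Gate order: preflight, dry run, confirmation.
batch_sync() {
  local root="$1" bump="$2" tags="$3" failed=0 skill
  for skill in "$root"/*/; do
    [[ -d "$skill" ]] || continue
    preflight_skill "${skill%/}" || failed=1
  done
  if (( failed )); then
    printf 'preflight failed under %s; nothing was synced\n' "$root" >&2
    return 1
  fi
  local cmd=(clawhub sync --root "$root" --all --bump "$bump" --tags "$tags")
  if [[ "${DRY_RUN:-false}" == "true" ]]; then
    printf '[dry-run] %s\n' "${cmd[*]}"
    return 0
  fi
  if [[ "${CONFIRM:-}" != "yes" ]]; then
    printf 'refusing bulk sync of %s without CONFIRM=yes\n' "$root" >&2
    return 3
  fi
  # Token login belongs here, after both gates, on the path that will publish.
  "${cmd[@]}"
}

# Safe demonstration: preflight plus a preview of the sync command, no login.
DRY_RUN=true batch_sync "${ROOT:-${HOME:-/tmp}/.openclaw/workspace/skills}" patch latest
```

Gate order matters: preflight runs first so a leaked secret is reported even on a preview, then the dry-run short-circuit, then confirmation, and only then authentication and the sync itself.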
Users may not see the credential and CLI requirements until they read the skill instructions or run the scripts.
The metadata does not declare the `clawhub` and `python3` runtime dependencies or the ClawHub token flow that the scripts use. SKILL.md discloses the main requirements, but automated install/capability review may miss them.
Required binaries (all must exist): none ... Required env vars: none ... Primary credential: none ... No install spec — this is an instruction-only skill.
Declare required binaries and the ClawHub token/session requirement in metadata so users and automated reviewers can see them before installation.
