Skill Publish Vetter
v1.1.0Pre-publish privacy scan for ClawHub skills. Detects tokens, keys, credentials, .env secrets, personal info, and internal IPs before publishing.
Skill Publish Vetter 🛡️
Pre-publish privacy scan for ClawHub skills.
Every skill must pass this scan before publishing to ClawHub.
When to Use
- User says "publish skill to ClawHub"
- User says "upload skill to ClawHub"
- User says "update skill on ClawHub"
- Any request to submit a skill to a public registry
Core Principle
Publishing to ClawHub = publicly visible. Any leaked secret is exposed to the world.
Better safe than sorry. Even if the scan passes, always ask for user confirmation before publishing.
Publish Workflow (Mandatory)
When the user requests a publish/upload/update to ClawHub, follow these steps strictly:
Step 1: Identify the Target Skill
- If the context clearly identifies the target skill, proceed.
- Otherwise, ask the user which skill to publish.
Step 2: Run the Privacy Scan
The scan script lives in this skill's scripts/publish-check.sh. Run it from this skill's directory:
bash scripts/publish-check.sh <target-skill-directory>
It scans for:
| Category | Detection Pattern | Example |
|---|---|---|
| Tokens / Keys | sk-, ghp_, github_pat_, gpg_, xoxb-, glpat-, JWT tokens | sk-abc123... |
| API Keys | api_key, apikey, API_KEY, access_token with actual values | API_KEY=abc123 |
| Passwords | password, passwd, pwd with non-placeholder values | password=mysecret123 |
| Private Keys | BEGIN.*PRIVATE KEY | PEM private key |
| Public Keys | BEGIN.*PUBLIC KEY, ssh-rsa long strings | SSH public key |
.env Values | .env files with actual (non-placeholder) assignments | .env: DB_PASS=real_password |
| Hardcoded Creds | Authorization: Bearer with real tokens | curl -H "Authorization: Bearer sk-xxx" |
| Personal Emails | Non-placeholder, non-org emails | zhangsan@gmail.com |
| Personal Paths | /home/username/, /Users/username/ absolute paths | /Users/weidongkl/.ssh/id_rsa |
| Internal IPs | 192.168.x.x, 10.x.x.x, 172.16-31.x.x | https://192.168.1.100:8080 |
Step 3: Output the Full Report
Output the complete scan report to the chat. Do not summarize or omit anything.
Step 4: Secondary Confirmation (Required)
Always ask for confirmation before publishing — even if the scan is clean.
Confirmation message must include:
- Skill name
- Skill directory path
- Full scan report
- A clear confirmation prompt
Template:
📋 Publish Confirmation
Skill: <name>
Path: <directory>
Version: <version>
Scan Result: <PASS / ISSUES FOUND>
[Full report here]
Reply "yes" or "confirm" to proceed with publishing, or "cancel" to abort.
Step 5: Wait for User Response
- "yes" / "confirm" / "ok" / "go" → proceed to Step 6.
- "cancel" / "no" / "stop" → abort. Do nothing.
- No response → do not publish. Wait.
Never skip confirmation. Never auto-publish.
Step 6: Publish
After confirmation:
clawhub publish <skill-directory> --slug <slug> --name "<name>" --version "<version>" --changelog "<changelog>"
Ask the user for slug, name, version, and changelog if not provided.
Step 7: Report Result
Tell the user whether publishing succeeded or failed.
Risk Levels
| Level | Meaning | Action |
|---|---|---|
| 🚨 CRITICAL | Token, key, password, private key with actual values | Block publish. User must fix first. |
| ⚠️ WARNING | Personal email, personal path, internal IP | Recommend fixing before publishing. |
| 💬 INFO | author, repository identity fields, metadata env exposure | Ask user if intentionally public. |
Red Lines (Auto-Block)
If any of these are found, refuse to publish by default:
- Any token with actual values (Bearer tokens, API keys, Access tokens)
- Any private key content (PEM format, SSH private keys)
- Any password/credential with actual values (not placeholders)
.envfiles with actual configuration values- Hardcoded internal IPs or domains
- Base64-encoded sensitive data
If the user explicitly says "publish anyway despite risks", re-confirm once before proceeding.
Placeholder Reference
Use these placeholders when fixing issues:
| Type | Placeholder |
|---|---|
| Token | your-api-token / <YOUR_TOKEN> |
| API Key | your-api-key / <API_KEY> |
| Password | your-password / <PASSWORD> |
you@example.com / <YOUR_EMAIL> | |
| Username | your-username / <USERNAME> |
| URL | https://your-server.example.com |
| IP | your-server-ip |
Scan Script
The script is at scripts/publish-check.sh relative to this skill's directory. It uses no absolute paths and works in any installation location.
bash scripts/publish-check.sh <target-skill-directory>
Safety first, publishing second. Never publish without confirmation. 🛡️