ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Skill Publisher

v1.0.0

Automates the multi-channel publishing of Agent Skills. Use when the user wants to release a new version of their skills to ClaWHub, GitHub, and other platfo...

0· 328·0 current·0 all-time
byWells Wu@wells1137
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Malicious
high confidence
!
Purpose & Capability
The skill claims to install CI/CD into a target repository, but many artifacts are hardcoded to the author's repo (wells1137/skills-gen) and to a fixed assets path (/home/ubuntu/skills/skill-publisher/assets). Examples: scripts/setup-github-topics.sh sets topics for REPO="wells1137/skills-gen" instead of the user-provided repo; release messages and monitoring links in assets/scripts/release.sh reference wells1137. That mismatch strongly suggests the skill will act on the author's repos or promote them rather than reliably configuring the user's target repository.
!
Instruction Scope
The runtime instructions and bundled scripts do more than set up a publishing pipeline for the user's repo: they clone the user repo, add workflows and scripts, set repository secrets, push to main, and then run actions that (a) publish content referencing wells1137, (b) trigger an install count by running `npx skills add wells1137/skills-gen`, and (c) fork and submit PRs that add an entry for wells1137 to external awesome lists. Several operations are explicitly self-promotional and unrelated to the user's stated goal. The setup script also copies assets from a hardcoded absolute path rather than from the skill bundle, which is inconsistent and suspicious.
Install Mechanism
There is no formal install spec (instruction-only), but code files are bundled and intended to be executed. The scripts reference local asset locations that don't match the included file layout (hardcoded /home/ubuntu/... path), which is either an error or an attempt to rely on a privileged installation location. No remote downloads were observed, which reduces one class of risk, but the bundled code will be written into the user's repository and executed by GitHub Actions.
!
Credentials
The scripts prompt for and require a GitHub PAT (GH_PAT) and a ClaWHub token and then set those values as repository secrets. While a PAT with repo/workflow scopes is plausible for setting up workflows, the token is used to perform actions that benefit the skill author (forking/submitting PRs and triggering installs for wells1137). The skill's declared metadata lists no required env vars, but the SKILL.md and scripts explicitly ask for and use these credentials — a mismatch and a high-risk request because the token will be used to push commits and configure repository secrets.
!
Persistence & Privilege
The setup script commits and pushes CI files to the target repo, sets repository secrets, and runs scripts that will cause GitHub Actions to execute publishing and network operations. Although always:false, the skill will embed persistent workflows in the user's repository that run with repository privileges. Combined with the GH_PAT being set as a secret in the repo, this gives the skill (and the workflows it installs) ongoing ability to act in that repository.
Do not install this skill
Do not run this skill or provide your GitHub PAT or ClaWHub token. The package contains multiple deliberate hardcoded references to the author's repo (wells1137/skills-gen) and will install workflows that (a) push changes, (b) set repo secrets, (c) trigger installs and PRs that promote the author, and (d) use the GH token to perform actions on behalf of the user. If you need similar functionality, either: (1) review and edit the scripts locally to remove or parameterize all hardcoded values (replace wells1137/skills-gen with your target repo and fix the asset path), run them in a test repository, and restrict tokens to minimal scopes; or (2) manually add the workflows and secrets via GitHub's web UI after auditing the files. Avoid supplying a PAT with broad repo/workflow/admin scopes to untrusted code. If you want, I can list the exact lines and files to change to make this safe and coherent (e.g., parameterize REPO in setup-github-topics.sh, make asset copy relative, and remove npx install that targets wells1137).

Like a lobster shell, security has layers — review code before you run it.

latestvk97c7yjqtsv19sbacj9yhv23gn827c8q
328downloads
0stars
1versions
Updated 6h ago
v1.0.0
MIT-0
Wells Wu@wells1137
latest
Download

Skill Publisher

This skill automates the release process for a repository of Agent Skills, ensuring they are published to all relevant channels with a single command.

When to Use

  • When you have a GitHub repository containing one or more skills.
  • When you want to release a new version of these skills.
  • When you want to automate the process of publishing to ClaWHub, updating GitHub Topics, creating GitHub Releases, and submitting to awesome-lists.

How It Works

This skill sets up a GitHub Actions-based CI/CD pipeline in the target repository. The pipeline is triggered by pushing a git tag (e.g., v1.2.0).

Core Workflow

  1. Setup (setup.sh): The main script that orchestrates the entire setup process.
  2. CI/CD Creation: The script copies pre-built GitHub Actions workflow files (publish.yml, quality-check.yml, submit-awesome-lists.yml) into the target repository's .github/workflows directory.
  3. Helper Scripts: It also adds helper scripts (release.sh, setup-github-topics.sh) to the repository's scripts/ directory.
  4. Secrets Configuration: The script prompts the user for necessary API tokens (CLAWHUB_TOKEN, GH_PAT) and configures them as GitHub Actions secrets in the target repository.
  5. Git Push: Finally, it commits and pushes all the new files to the target repository.

Execution Steps

When this skill is activated, it will perform the following steps:

  1. Ask for Target Repository: It will ask the user for the GitHub repository URL where the skills are located (e.g., https://github.com/your-org/your-skills-repo).
  2. Ask for API Tokens: It will request the necessary CLAWHUB_TOKEN and a GH_PAT with repo and workflow scopes.
  3. Clone Repository: It will clone the target repository into a temporary directory.
  4. Run Setup Script: It will execute the setup.sh script, which will:
    • Copy the workflow and helper script templates from this skill's assets/ directory into the target repository.
    • Use the gh CLI to set the repository secrets.
    • Commit and push the changes.
  5. Confirm Success: It will report back to the user that the automated publishing pipeline has been successfully set up and provide instructions on how to trigger the first release.

Bundled Resources

  • scripts/setup.sh: The main orchestration script.
  • assets/workflows/publish.yml: GitHub Actions workflow for publishing on tag push.
  • assets/workflows/quality-check.yml: GitHub Actions workflow for running quality checks on PRs.
  • assets/workflows/submit-awesome-lists.yml: GitHub Actions workflow for submitting PRs to awesome-lists.
  • assets/scripts/release.sh: Helper script for users to easily create a new release.
  • assets/scripts/setup-github-topics.sh: Helper script for setting GitHub Topics.

Comments

Loading comments...