Skill v1.0.4
ClawScan security
find-skills-in-tencent-skillhub · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 13, 2026, 1:18 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is a thin wrapper around an existing CLI (skillhub) and its requirements and behavior match its description; no unexpected credential access or hidden exfiltration is present in the included files — verify you trust the external skillhub installer referenced in the README before proceeding.
- Guidance: This skill is a safe, well-scoped wrapper around the 'skillhub' CLI and uses jq for JSON handling. Before installing/using it: (1) confirm you trust the skillhub installer linked in SKILL.md (the link points to a Tencent COS URL) — prefer official project releases or GitHub releases if available; (2) understand that the underlying skillhub CLI will access the network and will download/install code into ~/.openclaw/skills (installed skills can contain arbitrary code), so only install skills from sources you trust; (3) avoid passing untrusted JSON input to the wrapper; (4) if you want a higher-assurance review, provide the upstream skillhub binary/source or the installer URL contents so they can be inspected.
Review Dimensions
- Purpose & Capability (ok): The skill's name/description say it manages skills via the skillhub CLI and the only required binaries are 'skillhub' and 'jq', which is exactly what you'd expect. The script invokes skillhub subcommands and writes installed skills to ~/.openclaw/skills per the README.
- Instruction Scope (ok): SKILL.md and scripts/usage.sh instruct only to parse a JSON argument and call the skillhub CLI. The script validates JSON, sanitizes inputs to reject shell metacharacters, uses safe array-based exec (no eval), and does not read unrelated files or environment variables. Note: the invoked skillhub CLI will perform network operations and write files when installing/upgrading skills, which is expected for this purpose.
- Install Mechanism (note): There is no packaged install spec (instruction-only), which is low-risk. However, SKILL.md directs users to an install guide hosted on a Tencent COS URL; you should verify that installer URL and the upstream skillhub distribution are trustworthy and official before running it.
- Credentials (ok): The skill requests no environment variables or credentials, which is proportionate for a CLI wrapper. The script itself does not access hidden env vars or secret paths.
- Persistence & Privilege (ok): always:false and no code requests elevated privileges or modifies other skills' configs. The skill will call skillhub which installs skills into ~/.openclaw/skills — that is expected and scoped to the user's profile.
