Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawhHub Skill Publisher
v1.0.0
Publishes a skill to ClawhHub — the Claude skills marketplace. Use this skill whenever the user wants to publish, release, or push a new version of a skill t...
by Xiaobing Mi @xingke2023
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md only describes locating a local skill folder, reading SKILL.md frontmatter, running `clawhub inspect` and `clawhub publish`, and optionally updating the SKILL.md version. Those actions are coherent with a publisher skill.
Instruction Scope
The runtime instructions direct the agent to list and read files in ~/.claude/skills/, run local CLI commands (clawhub inspect/publish), and optionally write back to SKILL.md. This is within the publisher's scope but introduces two risks: (1) the agent will access arbitrary files under the user's ~/.claude/skills/ path, which may contain secrets or sensitive data; (2) the publish command interpolates user-provided strings (name, changelog, path) directly into shell commands with no guidance on escaping or sanitization, which is a command-injection risk if the agent or the input handling is naive.
Install Mechanism
Instruction-only skill with no install spec and no code files. No downloads or installs are requested, which minimizes additional risk.
Credentials
The skill declares no required environment variables or credentials. However, it assumes the presence of the `clawhub` CLI and that the CLI has stored authentication (e.g., via `clawhub login`). The skill will therefore indirectly use whatever credentials the user's clawhub CLI has — expected for this purpose but worth noting.
Persistence & Privilege
The skill is not always-enabled and does not request persistent platform privileges. It does propose modifying SKILL.md only with user consent; there is no indication it alters other skills or global agent settings.
What to consider before installing
This skill appears to do what it claims (publish a local skill), but it will run shell commands and read/write files under ~/.claude/skills/. Before installing or invoking it, consider: 1) Only use it if you trust the local `clawhub` CLI and any credentials it holds. 2) Be cautious about providing free-form changelog, name, or path text — these values may be interpolated into shell commands; treat inputs as untrusted or ensure the agent escapes them. 3) If any skills in ~/.claude/skills/ contain secrets, review them first or publish from a sanitized copy. 4) Prefer the agent to ask explicit confirmation before running the `clawhub publish` command and before writing back to SKILL.md. If you want a lower risk workflow, run the listed commands yourself in a shell rather than granting autonomous invocation.
Like a lobster shell, security has layers — review code before you run it.
latest: vk974q3tr1afj86b0xx9baqg6h1845n0v
