Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Pubblue
v5.1.2Publish and visualize output via the pubblue CLI, with live P2P browser sessions.
⭐ 0· 554·0 current·0 all-time
byMichael Nome@xmanatee
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (publish & live P2P visualization) match the runtime instructions: SKILL.md only describes using the pubblue CLI to create/list/update/delete pubs and run a daemon for live browser-initiated P2P sessions. Nothing in the instructions asks for unrelated credentials or capabilities. However, the skill provides no source/homepage and relies on an external npm package (pubblue) that is not included in the bundle — the provenance of that CLI is unknown.
Instruction Scope
The instructions tell the agent to install/run the pubblue CLI and to store an API key (via pubblue configure) in a config file under ~/.openclaw/pubblue/config.json (or a directory overridden by PUBBLUE_CONFIG_DIR). The daemon bridges into OPENCLAW_WORKSPACE by default, and live sessions establish P2P/browser connections. These behaviors are consistent with the feature set, but they also give the externally installed CLI potential access to agent workspace files and to networked peers. The SKILL.md also demonstrates reading local files (notes.md, /tmp/view.html) and describes consumptive reads — all reasonable for publishing but worth noting as data exposure vectors.
Install Mechanism
This is an instruction-only skill (no install spec). SKILL.md recommends installing pubblue via npm (npm i -g pubblue@latest) or using npx. That means code will be pulled from the public npm registry at runtime; the skill package itself doesn't contain or vet that code. Using npx can execute remote packages transiently, increasing the risk if the npm package is malicious or compromised.
Credentials
The manifest declares no required env vars or credentials, which is proportional. The runtime docs reference PUBBLUE_CONFIG_DIR and OPENCLAW_WORKSPACE env vars as overrides and instruct storing an API key in a config file. Requiring an API key for the pub.blue service is expected, but persisting that key under the agent workspace (default ~/.openclaw/...) or allowing the CLI to access workspace files increases the blast radius for accidental secret exposure.
Persistence & Privilege
The skill does not request always:true and does not declare system-wide installs itself. Autonomous invocation is allowed (platform default). The skill will persist an API key in its own config file by design, which is normal for a CLI client, but note the default config path is inside the agent's home (~/.openclaw), which could allow access to other agent artifacts if the CLI is compromised.
What to consider before installing
This skill appears to do what it says (publishing and live P2P visualization), but exercise caution before installing and running the external pubblue CLI: 1) There is no source or homepage included in the skill bundle — verify the npm package and its source repository (pub.blue / npm) before installing. 2) Installing via npm or using npx will execute third-party code; prefer inspecting the package source first or installing in a disposable/sandbox environment. 3) The CLI stores an API key in a config file under ~/.openclaw/pubblue by default and can access the agent workspace (OPENCLAW_WORKSPACE); to reduce risk, set PUBBLUE_CONFIG_DIR to a sandboxed directory and avoid placing secrets in shared workspaces. 4) Live mode establishes P2P/browser sessions — only use with trusted peers and in environments where outbound/inbound connections are acceptable. If you need higher assurance, ask the skill author for the CLI source repo or a signed release and audit the package before granting it any credentials or access.Like a lobster shell, security has layers — review code before you run it.
latestvk9764y8v5k3kf2pq39jzv52c9582f1ea
License
MIT-0
Free to use, modify, and redistribute. No attribution required.