TOSR Publish Then Update Test
Pass
Audited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill
Name: tosr-test-pub-update-1778050448
Version: 0.2.0
The skill bundle consists of metadata and documentation for an automated integration test (tosr-test-pub-update-1778050448) used to verify the lifecycle of skills on the clawhub API. There is no executable code or malicious instruction present; the content is purely descriptive of a testing process and lacks any high-risk indicators.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked with valid ClawHub authority, the agent could create, update, or delete registry content rather than only inspect information.
This documents real state-changing API operations, including create, update, and delete, without artifact-level approval or containment guidance.
This skill validates the following operations against the real clawhub API: ... Publish — Creates a new skill via POST /api/v1/skills ... Update — Publishes a new version ... Delete — Removes the skill via DELETE /api/v1/skills/{slug}
Only run this in an isolated test environment with a dedicated test account/token, and require explicit user confirmation before any publish, update, or delete action.
A user or agent might rely on ambient ClawHub credentials or an existing session for test mutations without a clearly declared permission scope.
The artifact set declares no credential boundary, while the SKILL.md-described real API publish/update/delete operations would require delegated ClawHub account privileges.
Required env vars: none; Env var declarations: none; Primary credential: none
Declare the required credential and scope, use a dedicated low-privilege test identity, and document exactly which account and slug may be modified.
Failed cleanup could leave test skills or versions visible in the registry after the intended test run.
The skill acknowledges that cleanup can fail and leave artifacts in the shared ClawHub registry.
This skill is ephemeral and will be automatically deleted after the test completes. If you see this skill listed on clawhub, it means a test run failed to clean up properly.
Verify cleanup manually after use and prefer isolated test namespaces or accounts so failed cleanup does not affect normal registry content.
