TOSR Test Skill

Review

Audited by ClawScan on May 10, 2026.

Overview

This looks like a leftover integration-test skill that explicitly targets real ClawHub publish, update, and delete APIs, so it should only be used in a controlled test account.

Do not install or invoke this unless you intentionally want to run a ClawHub lifecycle integration test. If you do use it, use a dedicated test account and confirm the exact slug before allowing any publish, update, or delete operation.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation

What this means

If invoked with usable ClawHub access, the agent could create, change, or delete a skill listing rather than merely inspect information.

Why it was flagged

The skill explicitly directs lifecycle operations against the real ClawHub API, including publishing, updating, and deleting skill records, without defining approval gates, test-account limits, or rollback safeguards.

Skill content

This skill validates the following operations against the real clawhub API: ... Publish ... Update ... Delete — Removes the skill via DELETE /api/v1/skills/{slug}

Recommendation

Only run this in an isolated test account or CI environment, and require explicit confirmation plus a fixed test slug before any publish, update, or delete request.