TOSR Test Skill
AdvisoryAudited by Static analysis on May 6, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed with access to a ClawHub API session or tool, an agent could make real changes to skill records, including deletion.
The core described workflow uses real API operations that can create, update, and delete ClawHub skill records.
This skill validates the following operations against the real clawhub API: ... Publish — Creates a new skill ... Update — Publishes a new version ... Delete — Removes the skill via DELETE /api/v1/skills/{slug}Use only in a disposable test context, require explicit user confirmation before any mutating API call, and ensure the target slug is fixed to the intended test skill.
The skill may rely on whatever ClawHub authority is already available to the agent, making it unclear which account or permissions would be used.
These are account-level operations that would normally depend on ClawHub permissions, while the provided metadata declares no primary credential or required environment variables.
Publish — Creates a new skill via POST /api/v1/skills ... Update — Publishes a new version of an existing skill ... Delete — Removes the skill via DELETE /api/v1/skills/{slug}Do not run this under a normal publishing account unless the required credentials, target account, and exact scope of allowed operations are explicitly documented and controlled.