TOSR Test Skill
PassAudited by VirusTotal on May 6, 2026.
Overview
Type: OpenClaw Skill Name: tosr-test-skill-1778050437 Version: 0.2.0 This skill is a legitimate integration test artifact created by the TOSR project to verify the skill lifecycle (creation, updates, and deletion) on the clawhub API. The files (_meta.json and SKILL.md) contain only metadata and descriptive documentation with no executable code, malicious instructions, or indicators of compromise.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If followed with access to a ClawHub API session or tool, an agent could make real changes to skill records, including deletion.
The core described workflow uses real API operations that can create, update, and delete ClawHub skill records.
This skill validates the following operations against the real clawhub API: ... Publish — Creates a new skill ... Update — Publishes a new version ... Delete — Removes the skill via DELETE /api/v1/skills/{slug}Use only in a disposable test context, require explicit user confirmation before any mutating API call, and ensure the target slug is fixed to the intended test skill.
The skill may rely on whatever ClawHub authority is already available to the agent, making it unclear which account or permissions would be used.
These are account-level operations that would normally depend on ClawHub permissions, while the provided metadata declares no primary credential or required environment variables.
Publish — Creates a new skill via POST /api/v1/skills ... Update — Publishes a new version of an existing skill ... Delete — Removes the skill via DELETE /api/v1/skills/{slug}Do not run this under a normal publishing account unless the required credentials, target account, and exact scope of allowed operations are explicitly documented and controlled.