ClawHub

Skill Release Pipeline

v1.0.0

Automate packaging, pushing to GitHub, and publishing OpenClaw skills to ClawHub, managing versions and sync across platforms.

0· 76·0 current·0 all-time
byZoe Addamssance@zerozlw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included scripts and SKILL.md: the bundle validates a skill folder, commits/creates a git repo, pushes to GitHub, and publishes to ClawHub. All required actions are coherent with a release pipeline; there are no unrelated credentials or unexpected external services referenced.
Instruction Scope
SKILL.md instructs running local scripts and standard CLIs (git, gh, npx clawhub) against the target skill folder. Runtime instructions only read and operate on the provided skill folder (validate, list, commit, push, publish). They do not instruct reading arbitrary system files, environment variables, or sending data to unknown endpoints beyond GitHub and ClawHub.
Install Mechanism
No install spec is present; this is instruction-only with helper scripts included. The scripts are plain shell scripts (no downloads or archive extraction) and run locally, so install risk is low.
Credentials
The skill requires no declared env vars or secrets. It expects the user to be authenticated to GitHub (gh/git) and ClawHub (npx clawhub), which is appropriate for pushing and publishing. No extraneous credentials or config paths are requested.
Persistence & Privilege
The skill is not always-enabled and does not attempt to modify system-wide agent settings or other skills. It only performs repo-level git operations and invokes npx clawhub; no persistent privileges are requested.
Assessment
This skill appears to do exactly what it says: validate a skill folder, push it to GitHub, and publish to ClawHub. Before running it, confirm you trust the repository/folder being published and review the scripts. Practical cautions: (1) the scripts will initialize a git repo, set or overwrite the 'origin' remote URL, commit, and push to the main/master branch — ensure you intend that and have the correct repo ownership/permissions; (2) authenticate gh and clawhub CLIs beforehand (the scripts check auth); (3) do not run these scripts from a folder that contains secrets or credentials you don't want pushed to a remote; and (4) if you need more conservative behavior, run validate.sh first and run push/publish steps interactively rather than the full pipeline.

Like a lobster shell, security has layers — review code before you run it.

civk97bx29mvcs9abqrgtayef320983en31clawhubvk97bx29mvcs9abqrgtayef320983en31distributionvk97bx29mvcs9abqrgtayef320983en31githubvk97bx29mvcs9abqrgtayef320983en31latestvk97bx29mvcs9abqrgtayef320983en31publishvk97bx29mvcs9abqrgtayef320983en31skillvk97bx29mvcs9abqrgtayef320983en31

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments