Publish Skill Publisher
Pass
Audited by VirusTotal on May 7, 2026.
Overview
Type: OpenClaw Skill
Name: skill-publisher-universal
Version: 1.1.0
The skill automates the publishing of AgentSkills and includes explicit instructions in SKILL.md for the agent to automatically read sensitive credentials (GITHUB_TOKEN, CLAWHUB_TOKEN) from ~/.env without user confirmation. It also contains logic to manipulate shell environment variables and proxy settings. While these capabilities are functional for a publishing tool and the package includes a security-oriented script (validate_skill.py) to scan for hardcoded secrets, the automated access to authentication tokens and environment modification constitutes high-risk behavior.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may use your GitHub or ClawHub account authority during publishing without a separate credential prompt.
The skill instructs the agent to read local account credentials without prompting. Those credentials can authorize GitHub and ClawHub account actions, and they are not declared in the registry credential metadata.
These tokens are pre-configured in `~/.env` and shell environment. Read them automatically — do not ask the user: ... `GITHUB_TOKEN` ... `CLAWHUB_TOKEN`
Use dedicated least-privilege tokens, verify what scopes they have, and require explicit confirmation before any publish, push, or PR action.
A mistaken invocation or wrong target could publish the wrong package, create a duplicate slug, or submit unwanted public changes.
These commands are central to a publishing skill, but they can mutate public marketplaces or GitHub repositories if run with valid credentials.
`clawhub publish /tmp/publish-<skill-name> --version <version> --slug <skill-name>` ... `Commit, push, create PR`
Review the generated package, target platform, slug, version, branch, and PR contents before approving any publishing command.
Installing a global CLI from npm can affect the local environment and depends on the package source being trustworthy.
The fallback install is an unpinned global npm package installation. This is purpose-aligned for a publishing workflow, but users should verify package provenance.
If CLI unavailable: install `npm i -g clawhub` or upload via clawhub.ai.
Prefer an already trusted ClawHub CLI, pin or verify the package version, or use the web upload option if you do not want a global install.
GitHub traffic may be routed through a proxy you did not intend to use, especially if the example address is copied directly.
The skill may route GitHub connectivity through a configured or example proxy. This is disclosed as a fallback, but it creates an additional network boundary to trust.
`source ~/.env` ... `export https_proxy=http://192.168.28.92:7897` ... `Re-test with proxy`
Only use a proxy that you control or explicitly trust, and avoid exporting the example proxy address unless it is actually your environment.
