Publishes and syncs local bot skills to ClawHub using non-browser login, preflight safety checks, and automated release scripts for single or batch workflows.
Security Analysis
medium confidenceThe skill's scripts behave like a legitimate ClawHub publisher but the package metadata omits key requirements (CLAWHUB_TOKEN and required CLI/binaries), an inconsistency that needs clarification before trusting it.
The skill claims to publish/sync to ClawHub and the scripts do exactly that (they call a local 'clawhub' CLI and use a CLAWHUB_TOKEN). However, the registry metadata lists no required environment variables or binaries — but the runtime requires CLAWHUB_TOKEN (or reading ~/.openclaw/.env) and the 'clawhub' CLI and python3. The missing declarations are an incoherence between claimed purpose and declared requirements.
SKILL.md and the scripts restrict operations to publishing/syncing workflows: they scan only the given skill directory for secrets/CJK, read token from env or ~/.openclaw/.env, and call the 'clawhub' CLI. The preflight checks operate only on files under the provided skill path and will halt on detected secret patterns or blocked files. No external endpoints or obfuscated exfiltration code are present in the scripts themselves.
There is no install spec (instruction-only), which is low-risk. However, the runtime relies on external tools ('clawhub' CLI and python3). These required binaries are not declared in the metadata, which is an omission that should be corrected so callers know prerequisites.
The scripts require a CLAWHUB_TOKEN (env or ~/.openclaw/.env) and may set CLAWHUB_REGISTRY; but the skill metadata declares no required env vars or primary credential. Requesting a single service token is proportionate to the stated purpose — the problem is that it isn't advertised in the metadata, which could lead to surprises or accidental token exposure if users don't expect the token access.
The skill does not request permanent platform presence (always:false), does not modify other skills or global agent settings, and does not store credentials itself beyond reading them from env/.env. Autonomy (disable-model-invocation:false) is the platform default and not a meaningful additional risk here.
Guidance
This package appears to implement a reasonable publish/sync flow, but the metadata is missing important prerequisites. Before installing or running: 1) Confirm the 'clawhub' CLI is an official, trusted binary and decide where it will be installed. 2) Be aware the scripts read CLAWHUB_TOKEN (from env or $HOME/.openclaw/.env) — do not provide a high-privilege token unless necessary; prefer a scoped token and rotate it after use. 3) Inspect ~/.openclaw/.env handling and ensure that file is stored securely (scripts read it if present). 4) Use --dry-run first and run the scripts in an isolated environment (or CI worker) to observe behavior. 5) If you are the publisher: update the registry metadata to declare required env vars (CLAWHUB_TOKEN) and required binaries (clawhub, python3) so callers are not surprised. If the author can provide an official source for the 'clawhub' CLI and update metadata to declare the token/binaries, my concerns would decrease.
Latest Release
v1.0.0
Initial public release: secure ClawHub publish automation with preflight checks
Popular Skills
Published by @wanng-ide on ClawHub
