clawhub-publisher Security Report — Low Risk | ClawSafe

20 /100

clawhub-publisher

ClawHub技能发布助手。在发布新技能前自动检查ClawHub/GitHub上的现有版本，对比实现思路，智能整合差异后发布/更新。

Legitimate ClawHub publishing automation tool with minor documentation gaps (missing allowed-tools declaration) but no malicious behavior detected.

Skill Nameclawhub-publisher

Duration42.6s

Enginepi

✓

Safe to install

Add an allowed-tools declaration to SKILL.md specifying shell:WRITE for bash execution, filesystem:READ for file operations, and network:READ for API calls to clawhub.com.

Findings 2 items

Severity	Finding	Location
Low	Missing allowed-tools declaration Doc Mismatch SKILL.md does not declare an allowed-tools section, making it unclear what permissions the skill requires. All scripts use bash for execution. `No allowed-tools section present` → Add allowed-tools: shell:WRITE, filesystem:READ, network:READ	`SKILL.md:1`
Low	Modifies system file publish.js Priv Escalation publish.sh can modify /usr/lib/node_modules/clawhub/dist/cli/commands/publish.js to add acceptLicenseTerms. This is user-interactive and documented. `sed -i "s/form.set('payload', JSON.stringify({/form.set('payload', JSON.stringify({\n acceptLicenseTerms: true,/" "$PUBLISH_JS_PATH"` → This is expected behavior for the ClawHub CLI workflow, not a security concern	`scripts/publish.sh:88`

Resource	Declared	Inferred	Status	Evidence
Shell	`NONE`	`WRITE`	✗ Violation	All scripts use bash for execution
Filesystem	`NONE`	`READ`	✗ Violation	Scripts read local files and package.json
Network	`NONE`	`READ`	✗ Violation	clawhub inspect/install/publish commands make API calls

11 findings

🔗

Medium External URL 外部 URL

https://img.shields.io/badge/License-MIT-yellow.svg

README.md:3

🔗

Medium External URL 外部 URL

https://opensource.org/licenses/MIT

README.md:3

🔗

Medium External URL 外部 URL

https://clawhub.com

README.md:187

🔗

Medium External URL 外部 URL

https://semver.org/

references/best-practices.md:25

🔗

Medium External URL 外部 URL

https://www.conventionalcommits.org/

references/best-practices.md:460

🔗

Medium External URL 外部 URL

https://www.shellcheck.net/

references/best-practices.md:461

🔗

Medium External URL 外部 URL

https://pep8.org/

references/best-practices.md:462

🔗

Medium External URL 外部 URL

https://api.clawhub.com）

references/clawhub-api.md:265

🔗

Medium External URL 外部 URL

https://custom-api.clawhub.com

references/clawhub-api.md:268

🔗

Medium External URL 外部 URL

https://git-scm.com/doc

references/git-workflow.md:352

🔗

Medium External URL 外部 URL

https://clawhub.com/skills/$SLUG

scripts/publish.sh:155

File Tree

12 files · 42.1 KB · 1989 lines

Markdown 5f · 1377L Shell 5f · 582L JSON 2f · 30L

├─ ▾ 📁 references

│ ├─ 📝 best-practices.md Markdown 462L · 8.0 KB

│ ├─ 📝 clawhub-api.md Markdown 299L · 5.1 KB

│ └─ 📝 git-workflow.md Markdown 355L · 6.1 KB

├─ ▾ 📁 scripts

│ ├─ 🔧 check-existing.sh Shell 70L · 1.8 KB

│ ├─ 🔧 compare-versions.sh Shell 141L · 3.8 KB

│ ├─ 🔧 config.sh Shell 22L · 977 B

│ ├─ 🔧 publish.sh Shell 173L · 4.6 KB

│ └─ 🔧 update.sh Shell 176L · 5.0 KB

├─ 📋 config.example.json JSON 6L · 167 B

├─ 📋 package.json JSON 24L · 705 B

├─ 📝 README.md Markdown 194L · 4.2 KB

└─ 📝 SKILL.md Markdown 67L · 1.8 KB

Security Positives

✓ No credential theft - does not access ~/.ssh, ~/.aws, or other sensitive credential paths

✓ No data exfiltration - all network traffic is to legitimate clawhub.com API

✓ No obfuscation - all code is plain shell scripts without base64 or encoded payloads

✓ No reverse shell or C2 communication

✓ No remote script execution via curl|bash or wget|sh

✓ External dependencies (clawhub CLI) are from a legitimate package manager

✓ Scripts have proper error handling and exit codes

✓ User-interactive prompts before sensitive operations

Scan Report

Findings 2 items

File Tree

Security Positives