ClawHubCN
@steipete

Clawdhub

Use the ClawdHub CLI to search, install, update, and publish agent skills from clawdhub.com. Use when you need to fetch new skills on the fly, sync installed skills to latest or a specific version, or publish new/updated skill folders with the npm-installed clawdhub CLI.

Mirror download
Current version
v1.0.0
242 3.6万All installs 459
READMEFilesVersionsCompare

No comparison available

A previous version is required before a diff can be generated.

Security Scan

Status

suspicious

Open VirusTotal

OpenClaw

gpt-5.5

suspicious

OpenClaw analysis

This skill is for managing ClawHub skills, but it gives an agent examples for broad install/update/publish actions without clear safety checks.

Confidence: medium

VirusTotal

Type: OpenClaw Skill Name: clawdhub Version: 1.0.0 The skill instructs the OpenClaw agent to install a global npm package `clawdhub` via `npm i -g clawdhub` as part of its setup instructions in `SKILL.md`. This introduces a significant supply chain risk, as the `clawdhub` package itself, fetched from an external registry, could be compromised or malicious. The installed CLI tool is designed to interact with `clawdhub.com`, which is an external domain (IOC), and includes a `publish` command that could be used to upload local files if the agent is prompted to do so.

Metadata

  • Owner: @steipete
  • Created: 2026/01/04
  • Updated: 2026/05/18
  • Versions: 1
  • Comments: 1
  • Scan checked at: 2026/05/27

Runtime

No runtime requirements are exposed in the official public payload.