Downloads: 611
Stars: 0
Active Installs: 1
Versions: 1
Install in OpenClaw
/install skillpub
Description
Create, validate, security-scan, and publish skills to ClawHub. Use when asked to "make a skill", "publish a skill", "create a new skill", "scaffold a skill"...
Usage Guidance
This tool generally does what it says (scaffold, validate, scan, publish), but do not run publish.sh blindly. Before using it:
1) Inspect SKILL.md, especially the name field, for shell metacharacters such as `$(`, backticks, `;` or `|`, and do not publish a skill whose SKILL.md contains untrusted or unreviewed text.
2) Replace the eval in publish.sh with a direct call that hands clawhub an argument vector (a bash array, or `set --` in POSIX sh), or at minimum validate slug, name and version against a strict allow-list before they reach the command line.
3) Do not use --skip-checks or --force unless you understand that they bypass the validation and scan gates and accept that risk.
4) Declare clawhub as a required binary so users know about the dependency.
5) Extend security-scan.sh to cover the canonical scripts (publish, validate, scaffold, security-scan itself), or have them reviewed by hand, because it currently skips them.
If you cannot review or fix these issues, treat this skill as untrusted and do not use it to publish code to ClawHub.
Capability Analysis
Type: OpenClaw Skill
Name: skillpub
Version: 1.0.0
The skill bundle's primary purpose is to create, validate, security-scan, and publish other skills, which is a legitimate function. However, `scripts/publish.sh` contains a critical shell injection vulnerability. It builds a `clawhub publish` command as a string and executes it with `eval`, splicing in the `SKILL_NAME` extracted from `SKILL.md`. Because `SKILL.md` belongs to the skill being published, anyone who can edit that file (a contributor, a template it was scaffolded from, or an agent that wrote it) controls text that `eval` re-parses and executes on the machine running `publish.sh`; a name such as `name: my-skill $(malicious_command)` is enough to run arbitrary commands. This RCE is not detected by `scripts/security-scan.sh`, because `publish.sh` is explicitly excluded from its `eval` pattern checks, which is a significant oversight in the scanner itself.
Capability Assessment
Purpose & Capability
Name and description match the included scripts (scaffold, validate, security-scan, publish). However, the runtime expects the clawhub CLI (publish.sh checks for it and calls `clawhub publish`), yet the registry metadata lists no required binaries, so the declared and actual dependencies do not match. The package is labeled 'instruction-only' (no install spec) but ships executable scripts; that is not inherently wrong, but the declared requirements should reflect it.
Instruction Scope
SKILL.md instructs the agent to run the bundled scripts, which is appropriate, but publish.sh constructs a command string and executes it with eval, using the skill name extracted from SKILL.md and user-supplied arguments without robust sanitization. An attacker who can craft a SKILL.md or a slug containing characters that break quoting can inject additional shell commands. security-scan.sh deliberately skips the canonical script files (publish, validate, scaffold, security-scan) when searching for dangerous patterns, which blunts its effectiveness and lets malicious content hide in exactly those scripts. The publish flow also exposes flags to skip checks (--skip-checks) or ignore scan failures (--force), which raise the risk further if used carelessly.
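The injection described in the Capability Analysis and the fixes recommended under Usage Guidance (argument-vector call, allow-list validation, a scan that covers the core scripts), as an added shell example. This is not code from the skillpub bundle or its scripts/publish.sh; the function names, the offline stand-in `clawhub` function, and the `--name`/`--version` flags are assumptions for the demonstration, and the SKILL.md and publish.sh it writes are constructed inputs.

```bash
#!/usr/bin/env bash
# Added example, not code from the skillpub bundle: a minimal model of the
# eval-based publish call the analysis describes, beside a hardened version
# that validates inputs and calls the CLI with an argument vector, plus a
# scanner that does not exempt the core scripts. All function names here and
# the offline stand-in `clawhub` are assumptions for the demonstration.
set -u

# Stand-in for the real clawhub CLI so this runs offline: prints its argv.
clawhub() {
  printf 'clawhub invoked with %s args\n' "$#"
  printf '  [%s]\n' "$@"
}

# Pull the `name:` field out of SKILL.md front matter (first match wins).
extract_skill_name() {
  sed -n 's/^name:[[:space:]]*//p' "$1" | head -n 1
}

# Allow-list for names/slugs: lowercase letters, digits, single interior hyphens.
validate_slug() {
  case "$1" in
    ''|*[!a-z0-9-]*|-*|*-|*--*) return 1 ;;
  esac
  return 0
}

# Allow-list for versions: digits and dots only, no leading/trailing/double dots.
validate_version() {
  case "$1" in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  return 0
}

# UNSAFE: the pattern the analysis describes. The name is spliced into a string
# that eval re-parses, so $(...), backticks or ';' inside it get executed.
publish_unsafe() {
  local name="$1" version="$2"
  local cmd="clawhub publish --name $name --version $version"
  eval "$cmd"
}

# SAFE: validate first, then hand the CLI an argument vector. POSIX sh has no
# arrays, so `set --` builds argv here; a bash array ("${args[@]}") is equivalent.
publish_safe() {
  local name="$1" version="$2"
  validate_slug "$name"       || { printf 'refusing: invalid skill name\n' >&2; return 2; }
  validate_version "$version" || { printf 'refusing: invalid version\n' >&2; return 2; }
  set -- clawhub publish --name "$name" --version "$version"
  "$@"
}

# Scanner that covers every *.sh under $1, core scripts included:
# prints file:line:text for each standalone `eval`.
scan_for_eval() {
  find "$1" -name '*.sh' -exec grep -Hn -E '(^|[^A-Za-z0-9_])eval([[:space:]]|$)' {} +
}

# Walk-through on a constructed SKILL.md whose name carries a command substitution.
demo() {
  local dir name
  dir=$(mktemp -d)
  cat > "$dir/SKILL.md" <<'EOF'
---
name: my-skill $(echo INJECTED)
version: 1.0.0
---
EOF
  printf 'eval "$cmd"\n' > "$dir/publish.sh"   # constructed core script containing an eval
  name=$(extract_skill_name "$dir/SKILL.md")
  echo "--- unsafe path: eval runs the substitution"
  publish_unsafe "$name" 1.0.0
  echo "--- safe path: rejected before any command runs"
  publish_safe "$name" 1.0.0 || echo "exit status $?"
  echo "--- safe path with a clean name"
  publish_safe my-skill 1.0.0
  echo "--- scan that includes core scripts"
  scan_for_eval "$dir"
  rm -rf "$dir"
}

demo
```

On the unsafe path the stand-in CLI receives `INJECTED` as an extra argument because eval expanded the substitution at execution time; a real payload would run whatever command sat inside `$(...)`. The safe path returns 2 before anything executes, and the same allow-list rejects backticks, `;`, `|` and spaces. The scanner reports the eval in the constructed publish.sh precisely because it carries no exclusion list for the core scripts.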
Install Mechanism
No install spec (instruction-only) and scripts are shipped as plain files. This is low-risk in terms of automatic code downloads or opaque install steps. Nothing is fetched from unknown URLs during install by the skill itself.
Credentials
The skill declares no required environment variables or credentials, and the scripts do not demand secrets to run. security-scan.sh actively checks scanned skills for env-harvesting patterns, which is good. However, the scanner exempts its own control scripts from some checks, and publish/validate consume data from SKILL.md and CLI arguments, so injection through that metadata or those arguments remains possible even though no credentials are declared; any command injected that way runs with whatever the publishing user's shell environment already holds.
Persistence & Privilege
`always` is false, and there is no indication the skill requests persistent privileges or modifies other skills or global agent configs. Publishing requires the user's explicit invocation, and the skill depends on an external clawhub CLI to actually push packages.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install skillpub
- After installation, invoke the skill by name or use /skillpub
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release - scaffold, validate, security-scan, and publish skills to ClawHub
Frequently Asked Questions
What is Skill Publisher?
Create, validate, security-scan, and publish skills to ClawHub. Use when asked to "make a skill", "publish a skill", "create a new skill", "scaffold a skill"... It is an AI Agent Skill for Claude Code / OpenClaw, with 611 downloads so far.
How do I install Skill Publisher?
Run "/install skillpub" in the OpenClaw or Claude Code chat to install it in one step. Publishing additionally requires the clawhub CLI on the machine that runs publish.sh, which the skill's metadata does not declare.
Is Skill Publisher free?
Yes, Skill Publisher is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Skill Publisher support?
Skill Publisher is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Skill Publisher?
It is built and maintained by Ash Bhat (@theashbhat); the current version is v1.0.0.