← Back to Skills Marketplace
ClawHub Publish Doctor
by
BlueBirdBack ✨
· GitHub ↗
· v1.0.0
656
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install clawhub-publish-doctor
Description
Diagnose and mitigate ClawHub/ClawDHUB publish failures (auth, browser-login, missing dependencies, pending security-scan visibility errors, and wrong profil...
README (SKILL.md)
ClawHub Publish Doctor
Stabilize ClawHub publishing with preflight checks, safer publish commands, and post-publish verification that tolerates temporary registry states.
Quick workflow
- Run preflight checks:
scripts/clawhub_preflight.sh
- If login/browser issues appear, follow
references/error-map.md. - Publish with retry-aware verification:
scripts/clawhub_publish_safe.sh \x3Cskill_path> \x3Cslug> \x3Cname> \x3Cversion> [changelog]
- If inspect still fails, classify the error with
references/error-map.mdbefore escalating.
Standard commands
Preflight
bash scripts/clawhub_preflight.sh
Login (token-based, headless-safe)
clawhub login --token \x3Cclh_token>
clawhub whoami
Safe publish
bash scripts/clawhub_publish_safe.sh ./my-skill my-skill "My Skill" 1.0.0 "Initial release"
Manual inspect
clawhub inspect my-skill --json
Rules
- Prefer token login in server/headless environments.
- Treat
inspecterrors right after publish as potentially transient for a few minutes. - Verify with both CLI (
clawhub inspect) and web URL (/skills/\x3Cslug>). - Use canonical URLs:
- Skill:
https://clawhub.ai/skills/\x3Cslug> - Owner/slug:
https://clawhub.ai/\x3Chandle>/\x3Cslug> - User profile (if available):
https://clawhub.ai/users/\x3Chandle>
- Skill:
Resources
references/error-map.md: quick diagnosis for common failure signatures.scripts/clawhub_preflight.sh: dependency + environment checks.scripts/clawhub_publish_safe.sh: publish + retry verification wrapper.
Usage Guidance
This package appears coherent and limited to helping with ClawHub publishes. Before running: (1) verify you have the official clawhub CLI installed (avoid unknown binaries), (2) keep your ClawHub token secret and use token login only in trusted environments, (3) review the small shell scripts yourself — they write temporary diagnostic files to /tmp and call clawhub commands but do not exfiltrate secrets, and (4) avoid running as an elevated user in shared systems. If you need higher assurance, test the scripts in an isolated environment first.
Capability Analysis
Type: OpenClaw Skill
Name: clawhub-publish-doctor
Version: 1.0.0
The `scripts/clawhub_publish_safe.sh` file directly passes unsanitized user-controlled arguments (skill path, slug, name, version, changelog) to the `clawhub publish` command. This creates a potential command injection vulnerability if the `clawhub` CLI or the underlying environment is susceptible to shell injection via its arguments (e.g., if it internally uses `eval` or `system()` without proper escaping). While the script's stated purpose is benign (to publish skills), this lack of input sanitization represents a significant security risk, allowing for potential arbitrary command execution if exploited. There is no evidence of intentional malicious behavior such as data exfiltration or persistence.
Capability Assessment
Purpose & Capability
Name/description describe publish diagnostics; included scripts perform preflight checks (presence of clawhub/xdg-open/rg), instruct token-based login, run clawhub publish and clawhub inspect with retry — all coherent with the stated goal.
Instruction Scope
SKILL.md limits runtime actions to running the provided scripts and the clawhub CLI. The scripts write small diagnostic outputs to /tmp (whoami/publish outputs) and echo CLI results; this is within scope but worth noting if you run in a shared or highly-sensitive environment since temporary files are used.
Install Mechanism
This is an instruction-only skill with two small shell scripts; there is no install spec, no downloads, and no archive extraction. No high-risk install behavior observed.
Credentials
No required environment variables or credentials are declared. The workflow expects the user to supply a ClawHub token for `clawhub login --token <clh_token>` which is appropriate and proportional for publishing operations. Optional controls (MAX_RETRIES, SLEEP_SECONDS) are benign.
Persistence & Privilege
The skill does not request permanent/forced inclusion (always:false), does not modify other skills or global agent settings, and has no autonomous persistence behavior beyond normal invocation.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install clawhub-publish-doctor - After installation, invoke the skill by name or use
/clawhub-publish-doctor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial public release
Metadata
Frequently Asked Questions
What is ClawHub Publish Doctor?
Diagnose and mitigate ClawHub/ClawDHUB publish failures (auth, browser-login, missing dependencies, pending security-scan visibility errors, and wrong profil... It is an AI Agent Skill for Claude Code / OpenClaw, with 656 downloads so far.
How do I install ClawHub Publish Doctor?
Run "/install clawhub-publish-doctor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is ClawHub Publish Doctor free?
Yes, ClawHub Publish Doctor is completely free (open-source). You can download, install and use it at no cost.
Which platforms does ClawHub Publish Doctor support?
ClawHub Publish Doctor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created ClawHub Publish Doctor?
It is built and maintained by BlueBirdBack ✨ (@bluebirdback); the current version is v1.0.0.
More Skills