← Back to Skills Marketplace
Clawhub Rate Limited Publisher Fixed
by
vx:17605205782
· GitHub ↗
· v1.0.0
· MIT-0
263
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install clawhub-rate-limited-publisher-fixed
Description
Queue and publish local skills to ClawHub with a strict 5-per-hour cap using the local clawhub CLI and host scheduler.
README (SKILL.md)
ClawHub Rate Limited Publisher
Use this skill when the user wants to publish one or more local skills to ClawHub without exceeding the platform's publish cap.
What this skill does
This skill does not magically grant shell permissions. It provides a safe local queue + scheduler workflow around the user's own clawhub CLI.
Follow this procedure:
- Verify the skill folder exists and contains
SKILL.md. - Build or update a queue JSON file.
- Ask the host to run the helper script from
{baseDir}/scripts/clawhub_rate_limited_uploader.py. - Prefer a host scheduler such as cron or systemd timer so uploads happen automatically every 12 minutes.
- Never exceed 5 publish attempts in any rolling 3600-second window.
- Log stdout/stderr for each attempt and mark queue items as
publishedorfailed.
Required runtime conditions
clawhubmust already be installed and authenticated on the host.- The host must allow command execution. In OpenClaw this usually means enabling runtime tools such as
bash/exec, or running the Python script directly outside chat. - New sessions may be required after changing skill/config state because eligible skills are snapshotted per session.
Recommended invocation patterns
One-off manual run
Run:
python3 "{baseDir}/scripts/clawhub_rate_limited_uploader.py" --queue "/absolute/path/to/queue.json" --execute
Dry run
Run:
python3 "{baseDir}/scripts/clawhub_rate_limited_uploader.py" --queue "/absolute/path/to/queue.json" --dry-run
Cron schedule
Run every 12 minutes using the example in {baseDir}/resources/cron.example.
Queue file shape
See {baseDir}/examples/queue.sample.json.
Each item may contain:
path: absolute path to one skill directorycommand: optional command template, defaultclawhub publish "{path}"
Safety rules
- Use absolute paths.
- Do not use
curl|bash, base64 piping, or hidden remote installers. - Keep
commandlimited to the localclawhub publish "{path}"pattern unless the user explicitly audits and accepts a custom command. - Count failures toward the hourly cap to avoid hammering ClawHub when auth or validation is broken.
Usage Guidance
This package appears to do what it says: it provides a local Python script to enqueue and rate-limit clawhub publish attempts. Before running it: 1) verify clawhub is installed and authenticated on your host; 2) inspect and control the queue JSON file(s) — any custom item.command you include will be executed by the shell, so do not point the queue at untrusted files or commands; 3) run a dry-run first (--dry-run) to confirm the command printed is what you expect; 4) place the queue and state files in a directory you control and monitor the .publisher-state.json and logs; 5) schedule via cron/systemd as recommended if you want automation. If you cannot confidently guarantee the integrity of the queue file or the host environment, do not enable automated execution.
Capability Analysis
Type: OpenClaw Skill
Name: clawhub-rate-limited-publisher-fixed
Version: 1.0.0
The skill provides a utility to manage and rate-limit the publishing of local skills to ClawHub. It is classified as suspicious because the core execution script, scripts/clawhub_rate_limited_uploader.py, uses subprocess.run(shell=True) with string formatting on inputs from a JSON queue file, creating a shell injection vulnerability. While the instructions in SKILL.md and README.md describe a legitimate workflow and include safety warnings, the technical implementation lacks input sanitization for shell commands, which could be exploited if a malicious queue file is processed.
Capability Assessment
Purpose & Capability
Name/description, required binaries (python3, clawhub), SKILL.md instructions, and the included Python script all align: a local tool to queue and rate-limit clawhub publish commands. There are no unrelated credentials, binaries, or config paths requested.
Instruction Scope
SKILL.md confines behavior to preparing a queue and asking the host to run the included script; the script enforces presence of SKILL.md in target directories and keeps state/logs. However, the script accepts a per-item 'command' template from the queue JSON and executes it with subprocess.run(..., shell=True). Although the default command is 'clawhub publish "{path}"' and the docs advise limiting commands, a compromised or malicious queue file could cause arbitrary shell execution. The script does not access environment variables beyond normal process env nor phone home to external endpoints.
Install Mechanism
Instruction-only with an included script; there is no install step, no downloads or external installers. No elevated install risks are present.
Credentials
The skill requests no environment variables or secrets. It requires the host have the clawhub CLI installed and authenticated, which is proportional to the purpose.
Persistence & Privilege
always is false; the skill does not request permanent platform presence or modify other skills. It writes local state and logs next to the queue file (expected for this use).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install clawhub-rate-limited-publisher-fixed - After installation, invoke the skill by name or use
/clawhub-rate-limited-publisher-fixed - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of clawhub-rate-limited-publisher.
- Queue and publish local skills to ClawHub with a strict limit of 5 publishes per hour.
- Integrates with the local clawhub CLI and host scheduler (e.g., cron or systemd).
- Provides a safe queue/runner and logs all publish attempts, marking them as published or failed.
- Enforces safety rules for command execution and counts failed attempts toward the hourly limit.
Metadata
Frequently Asked Questions
What is Clawhub Rate Limited Publisher Fixed?
Queue and publish local skills to ClawHub with a strict 5-per-hour cap using the local clawhub CLI and host scheduler. It is an AI Agent Skill for Claude Code / OpenClaw, with 263 downloads so far.
How do I install Clawhub Rate Limited Publisher Fixed?
Run "/install clawhub-rate-limited-publisher-fixed" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Clawhub Rate Limited Publisher Fixed free?
Yes, Clawhub Rate Limited Publisher Fixed is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Clawhub Rate Limited Publisher Fixed support?
Clawhub Rate Limited Publisher Fixed is cross-platform and runs anywhere OpenClaw / Claude Code is available (darwin, linux).
Who created Clawhub Rate Limited Publisher Fixed?
It is built and maintained by vx:17605205782 (@52yuanchangxing); the current version is v1.0.0.
More Skills