Skill Hub

OpenClaw skill discovery, security vetting & install. Searches 3000+ curated skills from ClawHub registry and awesome-openclaw-skills catalog. Scores credibility, detects prompt injection & malicious patterns, manages installations. Quick-checks GitHub for new skills.

What to consider before installing Skill Hub: - Dependency check: The package calls external CLIs ('gh' GitHub CLI and 'npx' to run clawhub). The metadata incorrectly lists no required binaries — ensure you have and trust these CLIs before running the skill. - Remote code execution: The skill uses 'npx clawhub@latest' and fetches raw README from GitHub. npx@latest will download and execute packages from npm each time; consider pinning versions or auditing clawhub behavior before allowing installs. - Prompt-injection token: A prompt-injection phrase was detected in SKILL.md. Confirm whether it appears only as an example for detection, not as an instruction the agent should follow. If you plan to let the agent invoke this skill autonomously, be cautious about ambiguous frontmatter or instructions that could influence model behavior. - File writes & workspace: The skill reads/writes a catalog at references/awesome-catalog.json (inside the skill bundle) and uses ~/.openclaw/workspace for invoking ClawHub. Ensure you are comfortable with those write locations and back them up if necessary. - Run in a sandbox first: If possible, run the scripts in a restricted environment or container to observe network calls and subprocesses (gh, npx) before enabling in a production agent. - Audit third-party behavior: Inspect/verify what 'clawhub' and the GitHub repo (VoltAgent/awesome-openclaw-skills) contain. Because this skill downloads and inspects other skills, its trust boundary extends to the external repos it contacts. Recommended next steps: 1) Review the code paths that call subprocess (search, quick-check, vet) to confirm they don't pass untrusted input into shell=True calls (the provided scripts appear to use list-argument subprocess.run without shell=True). 2) Confirm or add required-binaries metadata for gh and npx. 3) Consider pinning npm packages (avoid '@latest') and avoiding automatic remote execution unless you trust the sources. 4) If you allow this skill, run its vet function on itself and run quick-check/sync in a controlled environment first. Given these mismatches and the prompt-injection signal, exercise caution; the skill is plausible for its stated purpose but has implementation details and runtime behaviors that warrant review before granting it access to your agent.

Type: OpenClaw Skill Name: skill-hub Version: 1.0.0 The skill is classified as benign. Its core purpose is skill discovery, security vetting, and installation, which inherently requires broad permissions like Bash, Read, and Write, and the use of subprocess calls to `gh` (GitHub CLI) and `npx clawhub` (OpenClaw registry CLI). The `skill-hub-security-patterns.py` file explicitly defines patterns for detecting malicious activities, indicating a security-conscious design. All external network calls are to expected and legitimate sources (e.g., `raw.githubusercontent.com` for the awesome list). There is no evidence of intentional harmful behavior such as credential theft, data exfiltration to arbitrary endpoints, persistence mechanisms, or prompt injection attempts against the agent.