Total downloads: 611
Favorites: 0
Current installs: 1
Versions: 1
Install in OpenClaw
/install skillpub
Description
Create, validate, security-scan, and publish skills to ClawHub. Use when asked to "make a skill", "publish a skill", "create a new skill", "scaffold a skill"...
Safe-use recommendations
This tool generally does what it says (scaffold/validate/scan/publish), but do not run publish.sh blindly. Before using:
1) Inspect SKILL.md (especially the name field) for any suspicious characters; avoid publishing skills whose SKILL.md contains untrusted or unreviewed text.
2) Replace the eval usage in publish.sh with a safer exec model (use an array to call clawhub with arguments) or ensure strict sanitization of slug/name/version inputs.
3) Avoid using --skip-checks or --force unless you understand and accept the risk.
4) Add 'clawhub' to the declared required binaries so users know the dependency.
5) Consider modifying security-scan.sh to also check the core scripts (or have an external reviewer), because it currently skips them.
If you cannot review or fix these issues, treat this skill as untrusted and do not use it to publish code to ClawHub.
Functional analysis
Type: OpenClaw Skill
Name: skillpub
Version: 1.0.0
The skill bundle's primary purpose is to create, validate, security-scan, and publish other skills, which is a legitimate function. However, the `scripts/publish.sh` file contains a critical shell injection vulnerability. It constructs a `clawhub publish` command using `eval`, incorporating the `SKILL_NAME` extracted from `SKILL.md`. If an attacker can control the `name` field in a `SKILL.md` file being published, they can inject arbitrary shell commands (e.g., `name: my-skill $(malicious_command)`) that will be executed by `eval` on the system running `publish.sh`. This RCE vulnerability is not detected by the `scripts/security-scan.sh` script, as `publish.sh` is explicitly excluded from its `eval` pattern checks, which is a significant oversight in the security scanner itself.
Capability assessment
Purpose & Capability
Name/description match the included scripts (scaffold, validate, security-scan, publish). However, the runtime expects the 'clawhub' CLI (publish.sh checks for it and calls 'clawhub publish'), yet the registry metadata lists no required binaries, which is a mismatch. The package is labeled 'instruction-only' (no install spec) but includes executable scripts; that is not inherently wrong, but it should be reflected in the declared requirements.
Instruction Scope
SKILL.md instructs running the bundled scripts, which is appropriate, but publish.sh constructs a command string and executes it with eval — using data extracted from SKILL.md (skill name) and user arguments without robust sanitization. An attacker could craft a SKILL.md or slug containing characters that break quoting and inject additional shell commands. security-scan.sh intentionally skips checking the canonical script files (publish/validate/scaffold/security-scan) when searching for dangerous patterns, which reduces its effectiveness and could allow malicious content to hide in those scripts. The publish flow also exposes flags to skip checks (--skip-checks) or ignore scan failures (--force), increasing risk if used without care.
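The exec model the recommendations above call for, written here as an added example rather than code from the skillpub project: every field that reaches the command line is checked against an allow-list, and clawhub is invoked through an array so the shell never re-parses the skill name. The clawhub flag names and the `name:` line format in SKILL.md are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not the skillpub project's own code: the exec model the
# advice above recommends. Assumed CLI shape (flag names are assumptions):
#   clawhub publish <dir> --slug <slug> --name <name> --version <version>
set -u

# Allow-lists for every field that ends up on the command line.
valid_slug()    { local re='^[a-z0-9][a-z0-9-]{0,63}$';         [[ $1 =~ $re ]]; }
valid_version() { local re='^[0-9]+\.[0-9]+\.[0-9]+$';           [[ $1 =~ $re ]]; }
valid_name()    { local re='^[A-Za-z0-9][A-Za-z0-9 ._-]{0,79}$'; [[ $1 =~ $re ]]; }

# Pull the name field out of SKILL.md as plain text; nothing is evaluated.
read_skill_name() { sed -n 's/^name:[[:space:]]*//p' "$1" | head -n 1; }

# publish_argv DIR SLUG VERSION
# Prints the argument vector one element per line, or prints nothing and
# returns 1 when any field fails validation. Each element reaches the CLI as
# one literal argument, so $(...), backticks or ; inside a name stay inert.
publish_argv() {
  local dir=$1 slug=$2 version=$3 name
  name=$(read_skill_name "$dir/SKILL.md")
  [[ -n $name ]] || return 1
  valid_slug "$slug" && valid_version "$version" && valid_name "$name" || return 1
  local -a argv=(clawhub publish "$dir" --slug "$slug" --name "$name" --version "$version")
  printf '%s\n' "${argv[@]}"
}

# run_publish DIR SLUG VERSION: what publish.sh should do instead of eval "$cmd".
run_publish() {
  local -a argv
  mapfile -t argv < <(publish_argv "$@")
  [[ ${#argv[@]} -gt 0 ]] || return 1
  "${argv[@]}"   # array expansion: the shell never re-parses the arguments
}
```

With the --force and --skip-checks flags the page describes, a failed validation here should still abort the publish rather than fall through to the CLI call.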
Install Mechanism
No install spec (instruction-only) and scripts are shipped as plain files. This is low-risk in terms of automatic code downloads or opaque install steps. Nothing is fetched from unknown URLs during install by the skill itself.
Credentials
The skill declares no required environment variables or credentials, and the scripts do not demand secrets to run. The security-scan.sh actively checks for env-harvesting patterns in scanned skills, which is good. However, the scanner excludes its own control scripts from some checks, and publish/validate use data from SKILL.md and CLI args — so environment/metadata-based injection is a possibility even without declared credentials.
Persistence & Privilege
The `always` flag is false, and there is no indication the skill requests persistent privileges or modifies other skills or global agent configs. It requires the user's explicit invocation to publish, and it depends on an external clawhub CLI to actually push packages.
How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Type the install command in the chat box: /install skillpub
- After installation, call the Skill by its name directly or trigger it with /skillpub
- Provide the required input according to the Skill's parameter description to get structured output
Version history
v1.0.0
Initial release - scaffold, validate, security-scan, and publish skills to ClawHub
FAQ
What is Skill Publisher?
Create, validate, security-scan, and publish skills to ClawHub. Use when asked to "make a skill", "publish a skill", "create a new skill", "scaffold a skill"... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 611 downloads to date.
How do I install Skill Publisher?
Run the command 「/install skillpub」 in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is needed.
Is Skill Publisher free?
Yes, Skill Publisher is completely free (open source) and can be freely downloaded, installed and used.
Which platforms does Skill Publisher support?
Skill Publisher is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Skill Publisher?
Developed and maintained by Ash Bhat (@theashbhat); current version v1.0.0.