🎁 Get the FREE AI Skills Starter Guide β€” Subscribe β†’
BytesAgainBytesAgain
πŸ¦€ ClawHub

Skill Publish Vetter

by @weidongkl

Pre-publish privacy scan for ClawHub skills. Detects tokens, keys, credentials, .env secrets, personal info, and internal IPs before publishing.

Versionv1.1.0
Downloads328
Installs1
TERMINAL
clawhub install skill-publish-vetter

πŸ“– About This Skill


name: skill-publish-vetter version: 1.1.0 description: Pre-publish privacy scan for ClawHub skills. Detects tokens, keys, credentials, .env secrets, personal info, and internal IPs before publishing.

Skill Publish Vetter πŸ›‘οΈ

Pre-publish privacy scan for ClawHub skills.

Every skill must pass this scan before publishing to ClawHub.


When to Use

  • User says "publish skill to ClawHub"
  • User says "upload skill to ClawHub"
  • User says "update skill on ClawHub"
  • Any request to submit a skill to a public registry

  • Core Principle

    Publishing to ClawHub = publicly visible. Any leaked secret is exposed to the world.

    Better safe than sorry. Even if the scan passes, always ask for user confirmation before publishing.


    Publish Workflow (Mandatory)

    When the user requests a publish/upload/update to ClawHub, follow these steps strictly:

    Step 1: Identify the Target Skill

  • If the context clearly identifies the target skill, proceed.
  • Otherwise, ask the user which skill to publish.
  • Step 2: Run the Privacy Scan

    The scan script lives in this skill's scripts/publish-check.sh. Run it from this skill's directory:

    bash scripts/publish-check.sh 
    

    It scans for:

    | Category | Detection Pattern | Example | |----------|-------------------|---------| | Tokens / Keys | sk-, ghp_, github_pat_, gpg_, xoxb-, glpat-, JWT tokens | sk-abc123... | | API Keys | api_key, apikey, API_KEY, access_token with actual values | API_KEY=abc123 | | Passwords | password, passwd, pwd with non-placeholder values | password=mysecret123 | | Private Keys | BEGIN.*PRIVATE KEY | PEM private key | | Public Keys | BEGIN.*PUBLIC KEY, ssh-rsa long strings | SSH public key | | .env Values | .env files with actual (non-placeholder) assignments | .env: DB_PASS=real_password | | Hardcoded Creds | Authorization: Bearer with real tokens | curl -H "Authorization: Bearer sk-xxx" | | Personal Emails | Non-placeholder, non-org emails | zhangsan@gmail.com | | Personal Paths | /home/username/, /Users/username/ absolute paths | /Users/weidongkl/.ssh/id_rsa | | Internal IPs | 192.168.x.x, 10.x.x.x, 172.16-31.x.x | https://192.168.1.100:8080 |

    Step 3: Output the Full Report

    Output the complete scan report to the chat. Do not summarize or omit anything.

    Step 4: Secondary Confirmation (Required)

    Always ask for confirmation before publishing β€” even if the scan is clean.

    Confirmation message must include:

    1. Skill name 2. Skill directory path 3. Full scan report 4. A clear confirmation prompt

    Template:

    πŸ“‹ Publish Confirmation

    Skill: Path: Version: Scan Result:

    [Full report here]

    Reply "yes" or "confirm" to proceed with publishing, or "cancel" to abort.

    Step 5: Wait for User Response

  • "yes" / "confirm" / "ok" / "go" β†’ proceed to Step 6.
  • "cancel" / "no" / "stop" β†’ abort. Do nothing.
  • No response β†’ do not publish. Wait.
  • Never skip confirmation. Never auto-publish.

    Step 6: Publish

    After confirmation:

    clawhub publish  --slug  --name "" --version "" --changelog ""
    

    Ask the user for slug, name, version, and changelog if not provided.

    Step 7: Report Result

    Tell the user whether publishing succeeded or failed.


    Risk Levels

    | Level | Meaning | Action | |-------|---------|--------| | 🚨 CRITICAL | Token, key, password, private key with actual values | Block publish. User must fix first. | | ⚠️ WARNING | Personal email, personal path, internal IP | Recommend fixing before publishing. | | πŸ’¬ INFO | author, repository identity fields, metadata env exposure | Ask user if intentionally public. |


    Red Lines (Auto-Block)

    If any of these are found, refuse to publish by default:

    1. Any token with actual values (Bearer tokens, API keys, Access tokens) 2. Any private key content (PEM format, SSH private keys) 3. Any password/credential with actual values (not placeholders) 4. .env files with actual configuration values 5. Hardcoded internal IPs or domains 6. Base64-encoded sensitive data

    If the user explicitly says "publish anyway despite risks", re-confirm once before proceeding.


    Placeholder Reference

    Use these placeholders when fixing issues:

    | Type | Placeholder | |------|-------------| | Token | your-api-token / | | API Key | your-api-key / | | Password | your-password / | | Email | you@example.com / | | Username | your-username / | | URL | https://your-server.example.com | | IP | your-server-ip |


    Scan Script

    The script is at scripts/publish-check.sh relative to this skill's directory. It uses no absolute paths and works in any installation location.

    bash scripts/publish-check.sh 
    


    *Safety first, publishing second. Never publish without confirmation.* πŸ›‘οΈ

    ⚑ When to Use

    TriggerAction
    - User says "upload skill to ClawHub"
    - User says "update skill on ClawHub"
    - Any request to submit a skill to a public registry
    ---