clawhub-sync
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute multiple shell commands, including the 'clawhub' CLI for synchronization and publishing tasks. It also executes a local bash script 'scripts/prepare-publish.sh' to handle file preparation.
- [DATA_EXFILTRATION]: The primary purpose of the skill is to upload local skill directory content to the external 'clawhub.ai' service. To mitigate the risk of data leaks, the skill employs a filtering mechanism using 'rsync' and '.gitignore' to ensure sensitive files, such as '.env' or database files, are excluded from the upload process.
- [SAFE]: The skill's behavior is consistent with its stated objective, and it includes proactive security measures such as dry-run options and detailed documentation on protecting sensitive credentials.
Audit Metadata