clawhub-production-release
Pass
Audited by Gen Agent Trust Hub on Jul 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the GitHub CLI (
gh) to list workflow runs and dispatch release workflows (gh run list,gh workflow run). These operations are restricted to theopenclaw/clawhubrepository, which belongs to the skill's author. - [EXTERNAL_DOWNLOADS]: The skill interacts with the
openclaw/clawhubGitHub repository to trigger deployments and verify release statuses. These interactions target the vendor's own project infrastructure and follow standard CI/CD practices. - [DATA_EXPOSURE_&_EXFILTRATION]: While the skill mentions environment secrets such as
CONVEX_DEPLOY_KEYandPLAYWRIGHT_AUTH_STORAGE_STATE_JSON, it does not provide instructions to read, print, or transmit these values. They are described as requirements for the GitHub Action environment to function, which is a standard security practice for CI/CD pipelines.
Audit Metadata