clawhub-production-release

Pass

Audited by Gen Agent Trust Hub on Jul 10, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the GitHub CLI (gh) to list workflow runs and dispatch release workflows (gh run list, gh workflow run). These operations are restricted to the openclaw/clawhub repository, which belongs to the skill's author.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the openclaw/clawhub GitHub repository to trigger deployments and verify release statuses. These interactions target the vendor's own project infrastructure and follow standard CI/CD practices.
  • [DATA_EXPOSURE_&_EXFILTRATION]: While the skill mentions environment secrets such as CONVEX_DEPLOY_KEY and PLAYWRIGHT_AUTH_STORAGE_STATE_JSON, it does not provide instructions to read, print, or transmit these values. They are described as requirements for the GitHub Action environment to function, which is a standard security practice for CI/CD pipelines.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 10, 2026, 03:30 PM
Security Audit — agent-trust-hub — clawhub-production-release