ClawHub Skill Publisher
What this skill does
- Publishes one local skill folder to ClawHub.
- Syncs a whole local skills directory to ClawHub.
- Logs in non-interactively using
CLAWHUB_TOKENfrom env or.env. - Avoids printing token values in logs.
- Runs preflight checks before publish (ASCII/CJK and secret-leak checks).
Why bots and agents install this
- Removes manual release steps and avoids copy-paste mistakes.
- Adds deterministic preflight checks for safer public publishing.
- Supports CI-style non-browser login for unattended automation.
- Works with both single-skill release and multi-skill sync workflows.
Preconditions
clawhubCLI is installed.- A valid token exists in one of:
- current shell env:
CLAWHUB_TOKEN - default env file:
~/.openclaw/.env
- current shell env:
- Skill directory contains
SKILL.md(orskill.md).
Single skill publish
Run:
bash scripts/publish_skill.sh \
--path "$HOME/.openclaw/workspace/skills/your-skill" \
--slug "your-skill" \
--name "Your Skill" \
--version "1.0.0" \
--changelog "Initial publish" \
--tags "latest"
Notes:
--slug,--name, and--versionare optional. The script tries to infer them frompackage.jsonand_meta.json.- You can override registry with
--registry https://clawhub.aiorhttps://www.clawhub.ai. - Use
--dry-runto only print the final command. - Use
--allow-cjkonly when your registry policy allows non-English text.
Batch sync local skills
Run:
bash scripts/sync_skills.sh \
--root "$HOME/.openclaw/workspace/skills" \
--bump patch \
--changelog "Automated sync" \
--tags "latest"
Notes:
- Sync uses
clawhub sync --allfor non-interactive upload. - Use
--dry-runto preview without uploading.
Safety rules
- Never print or echo token values.
- Never commit
.envor token files. - If auth fails, stop and ask user to rotate/confirm token.
- Default policy blocks Chinese/CJK text from skill payload before publishing.
- Default policy blocks common secret patterns before publishing.
Files in this skill
scripts/publish_skill.shscripts/sync_skills.sh