Pre-publish privacy scan for ClawHub skills. Detects tokens, keys, credentials, .env secrets, personal info, and internal IPs before publishing.
--- name: skill-publish-vetter version: 1.1.0 description: Pre-publish privacy scan for ClawHub skills. Detects tokens, keys, credentials, .env secrets, personal info, and internal IPs before publishing. --- # Skill Publish Vetter ๐ก๏ธ Pre-publish privacy scan for ClawHub skills. **Every skill must pass this scan before publishing to ClawHub.** --- ## When to Use - User says "publish skill to ClawHub" - User says "upload skill to ClawHub" - User says "update skill on ClawHub" - Any request to submit a skill to a public registry --- ## Core Principle **Publishing to ClawHub = publicly visible. Any leaked secret is exposed to the world.** Better safe than sorry. **Even if the scan passes, always ask for user confirmation before publishing.** --- ## Publish Workflow (Mandatory) When the user requests a publish/upload/update to ClawHub, **follow these steps strictly**: ### Step 1: Identify the Target Skill - If the context clearly identifies the target skill, proceed. - Otherwise, ask the user which skill to publish. ### Step 2: Run the Privacy Scan The scan script lives in this skill's `scripts/publish-check.sh`. Run it from this skill's directory: ```bash bash scripts/publish-check.sh <target-skill-directory> ``` It scans for: | Category | Detection Pattern | Example | |----------|-------------------|---------| | **Tokens / Keys** | `sk-`, `ghp_`, `github_pat_`, `gpg_`, `xoxb-`, `glpat-`, JWT tokens | `sk-abc123...` | | **API Keys** | `api_key`, `apikey`, `API_KEY`, `access_token` with actual values | `API_KEY=abc123` | | **Passwords** | `password`, `passwd`, `pwd` with non-placeholder values | `password=mysecret123` | | **Private Keys** | `BEGIN.*PRIVATE KEY` | PEM private key | | **Public Keys** | `BEGIN.*PUBLIC KEY`, `ssh-rsa` long strings | SSH public key | | **`.env` Values** | `.env` files with actual (non-placeholder) assignments | `.env: DB_PASS=real_password` | | **Hardcoded Creds** | `Authorization: Bearer` with real tokens | `curl -H "Authorization: Bearer sk-xxx"` | | **Personal Emails** | Non-placeholder, non-org emails | `zhangsan@gmail.com` | | **Personal Paths** | `/home/username/`, `/Users/username/` absolute paths | `/Users/weidongkl/.ssh/id_rsa` | | **Internal IPs** | `192.168.x.x`, `10.x.x.x`, `172.16-31.x.x` | `https://192.168.1.100:8080` | ### Step 3: Output the Full Report **Output the complete scan report to the chat.** Do not summarize or omit anything. ### Step 4: Secondary Confirmation (Required) **Always** ask for confirmation before publishing โ even if the scan is clean. Confirmation message must include: 1. **Skill name** 2. **Skill directory path** 3. **Full scan report** 4. **A clear confirmation prompt** Template: ``` ๐ Publish Confirmation Skill: <name> Path: <directory> Version: <version> Scan Result: <PASS / ISSUES FOUND> [Full report here] Reply "yes" or "confirm" to proceed with publishing, or "cancel" to abort. ``` ### Step 5: Wait for User Response - "yes" / "confirm" / "ok" / "go" โ proceed to Step 6. - "cancel" / "no" / "stop" โ abort. Do nothing. - No response โ do not publish. Wait. **Never skip confirmation. Never auto-publish.** ### Step 6: Publish After confirmation: ```bash clawhub publish <skill-directory> --slug <slug> --name "<name>" --version "<version>" --changelog "<changelog>" ``` Ask the user for slug, name, version, and changelog if not provided. ### Step 7: Report Result Tell the user whether publishing succeeded or failed. --- ## Risk Levels | Level | Meaning | Action | |-------|---------|--------| | ๐จ **CRITICAL** | Token, key, password, private key with actual values | **Block publish.** User must fix first. | | โ ๏ธ **WARNING** | Personal email, personal path, internal IP | **Recommend fixing** before publishing. | | ๐ฌ **INFO** | author, repository identity fields, metadata env exposure | **Ask user** if intentionally public. | --- ## Red Lines (Auto-Block) If any of these are found, **refuse to publish by default**: 1. Any token with actual values (Bearer tokens, API keys, Access tokens) 2. Any private key content (PEM format, SSH private keys) 3. Any password/credential with actual values (not placeholders) 4. `.env` files with actual configuration values 5. Hardcoded internal IPs or domains 6. Base64-encoded sensitive data If the user explicitly says "publish anyway despite risks", re-confirm once before proceeding. --- ## Placeholder Reference Use these placeholders when fixing issues: | Type | Placeholder | |------|-------------| | Token | `your-api-token` / `<YOUR_TOKEN>` | | API Key | `your-api-key` / `<API_KEY>` | | Password | `your-password` / `<PASSWORD>` | | Email | `you@example.com` / `<YOUR_EMAIL>` | | Username | `your-username` / `<USERNAME>` | | URL | `https://your-server.example.com` | | IP | `your-server-ip` | --- ## Scan Script The script is at `scripts/publish-check.sh` relative to this skill's directory. It uses no absolute paths and works in any installation location. ```bash bash scripts/publish-check.sh <target-skill-directory> ``` --- *Safety first, publishing second. Never publish without confirmation.* ๐ก๏ธ
don't have the plugin yet? install it then click "run inline in claude" again.
added inputs section with external dependencies (clawhub CLI, auth credentials, edge cases like timeouts and auth expiry), expanded procedure from 7 implicit steps to 11 explicit steps with detailed inputs/outputs, moved all conditional logic into decision points section with keyword matching and timeout handling, added output contract with scan report, confirmation prompt, and result templates, added outcome signal with success indicators.
pre-publish privacy scan for ClawHub skills. detects tokens, keys, credentials, .env secrets, personal info, and internal IPs before publishing.
run this skill whenever a user requests to publish, upload, or update a skill to ClawHub or any public registry. the skill scans the target skill's codebase for exposed secrets, credentials, personal data, and internal infrastructure details. publishing to ClawHub makes code world-visible, so any leaked credential becomes a security incident. this scan gates the publish action and requires explicit user confirmation before proceeding.
scripts/publish-check.sh relative to this skill's directory. must be executable.clawhub command-line tool must be installed and authenticated. requires valid ClawHub API credentials (typically stored in ~/.clawhub/config or CLAWHUB_API_TOKEN env var).edge cases and external dependencies:
clawhub publish hangs beyond 30 seconds, timeout and report failure.identify the target skill
validate the target directory exists
run the privacy scan
bash scripts/publish-check.sh <target-skill-directory> from this skill's directory.parse scan results and determine risk level
generate confirmation prompt
display report and request confirmation
wait for user response with timeout
branch on user response (see "decision points" section)
collect missing metadata (if needed)
execute publish command
clawhub publish <skill-directory> --slug <slug> --name "<name>" --version "<version>" --changelog "<changelog>".report result to user
before step 3 (scan execution)
after step 4 (risk assessment)
during step 7 (confirmation wait)
during step 8 (branch on response)
during step 10 (publish execution)
clawhub login.after step 11 (final result)
scan report (step 3 output)
publish-check.sh.SCAN REPORT: skill-example
CRITICAL:
- File: src/config.js, Line 42
Found token pattern: sk-abc123xyz... (OpenAI API key)
WARNING:
- File: README.md, Line 15
Found personal email: john@gmail.com
INFO:
- File: package.json
Metadata field: "author": "john-doe" (non-sensitive)
RESULT: ISSUES FOUND (2 critical, 1 warning)
confirmation prompt (step 6 output)
๐ Publish Confirmation
Skill: <skill-name>
Path: <skill-directory>
Version: <version>
Scan Result: <PASS / ISSUES FOUND>
[Full scan report here]
โ ๏ธ Risk Level: <CRITICAL / WARNING / INFO / CLEAN>
Reply "yes" or "confirm" to proceed with publishing, or "cancel" to abort.
final publish result (step 11 output)
the skill has worked when:
publish-check.sh script runs to completion and produces a report.clawhub publish is run with correct metadata.success indicators:
original skill by weidongkl. enhanced for Implexa standards with explicit decision points, edge case handling, and detailed output contracts.