ClawHub (opens in new tab)

(clawhub.ai)

50 pointsdruther4mo ago41 comments

41 comments

28 comments · 9 top-level

arnvald4mo ago· 6 in thread

Do these skills actually provide much value? Like, how much better are they than something that I could tell Claude to generate based on a single API doc from Slack/Trello?

Flavius4mo ago

Zero. If a skill actually provides value, one of two things happens: it gets absorbed into Claude Code (or similar) within a week, or a company packages it up and charges real money for it. The "free skill that gives you an edge" window is essentially nonexistent. By the time you find it, everyone else has it too. You're better off learning to prompt well against raw API docs than chasing a library of pre-built skills that are either trivial to recreate or about to be made redundant.

clandry944mo ago

From my experience, most are just some high level instructions on how to use CLI tools installed on the system. A lot of the CLI tools they're calling out to have 0 reputation on Github or don't work at all.

I've had more luck writing my own skills using CLI tools I know and trust.

CuriouslyC4mo ago

That's a big part of the reason skills are exploding, people use them as stealth marketing in addition to being a malware injection vector.

raffkede4mo ago

Skills is actually what also Claude code uses internally, it's cool because the llm will load the whole context on how to use it only on demand and keeps the context cleaner.

mrexcess4mo ago

>Do these skills actually provide much value?

IMO, yes. Gemini et. al. out of the box are good at composing, but are entirely passive. Skills enable you to - easily, with low code/no code - teach your AI to perform active tasks either upon direction or under any automatic conditions you specify. This is incredibly powerful. Incredibly dangerous, too, but so is a car when compared with a skateboard.

neya4mo ago

My understanding is that it's just an abstraction layer that feeds right into the context window. Might as well just feed it into the prompt. I think cursor even proved that skills aren't as good as direct prompts (or something to that extent, can't remember exactly)

isodev4mo ago· 4 in thread

So let's recap:

- I click skills.

- The first one is WireGuard "... secure routing and key management".

- I'd download it, hook it to this bot running on my system.

- I'd ask the bot to store / manage super-secret keys that protect actual servers with user data and personal details and god knows what...

- The bot follows my commands by spelunking random snippets of markdown, running other programs on my computer, doing web searches, reading what it finds on the web and giving itself more commands to do...

I've only been in tech for like 20 years or so but I feel like either I'm missing something substantial or some kind of madness is happening to people.

dpoloncsak4mo ago

You're downloading untested code from an unknown user on a random literally just-spun-up 'marketplace' and are shocked when it doesn't work

monooso4mo ago

I think you misinterpreted GP's comment (or at least the tone).

Shank4mo ago

> I've only been in tech for like 20 years or so but I feel like either I'm missing something substantial or some kind of madness is happening to people.

People are extremely eager for a helpful AI assistant that they are willing to sacrifice security for it. Prompt injection attacks are theoretical until they hit you. Until you're hit you're just having fun riding the wave.

sgarland4mo ago

> I feel like either I'm missing something substantial or some kind of madness is happening to people

It is WILD how little “professionals” actually understand about systems, security, or really computers in general.

free_bip4mo ago· 4 in thread

Who is scanning these skills for malware? This seems like a prime target for malicious actors.

ru5524mo ago

Virustotal at upload and periodically during the day

Nextgrid4mo ago

VirusTotal is completely useless for this though? You need enough people to be pwned by that particular piece of malware for it to be flagged as dangerous, by which point the attackers would've already repacked it so it doesn't match the previous signature.

1 more reply

dpoloncsak4mo ago

These are single-file .MDs, right? Written in markdown...

Can't you just read it?

writeslowly4mo ago

I see a number of uploaded skills on the site with bash and python scripts. No idea what runs them

1 more reply

m-hodges4mo ago· 2 in thread

This is what? The 4th or 5th attempt at this in the past two weeks?

verdverm4mo ago

Welcome to the world with zero cost software

sph4mo ago

Show HN as a service

1 more reply

etchalon4mo ago· 2 in thread

How could a public repository of unverified skills that can be downloaded by casual users for a software tool that allows for un-gated access to private information, including financial information, possibly go wrong?

"Don't worry, we have stars."

Itchy and Scratchy land is open for business.

acidocious4mo ago

"Bort? Who the hell is called Bort?!"

etchalon4mo ago

My son is also named Bort.

1 more reply

mrbluecoat4mo ago· 1 in thread

> Upload AgentSkills bundles, version them like npm, and make them searchable with vectors. No gatekeeping, just signal.

Sigh, when I read this and only understand "npm", I feel like retiring.

assimpleaspossi4mo ago

Half the stuff posted like this doesn't give a clue what it does at all much less use made up phrases that make no sense (to most of us).

giancarlostoro4mo ago

So I click on "Skills" and it feels like the page cannot decide what to show me, every item on the list shifts and moves, how is anyone supposed to click on something if it disappears?

StevenNunez4mo ago

Does Openwork replace the need for openclaw? Seems like a more grown up version of it.

incomingpain4mo ago

I have the clawhub skill disabled. You really shouldnt use it, especially when you can just have your claw create their own skills as needed.

j / k navigate · click thread line to collapse

41 comments

28 comments · 9 top-level

arnvald4mo ago· 6 in thread

Do these skills actually provide much value? Like, how much better are they than something that I could tell Claude to generate based on a single API doc from Slack/Trello?

Flavius4mo ago

clandry944mo ago

I've had more luck writing my own skills using CLI tools I know and trust.

CuriouslyC4mo ago

That's a big part of the reason skills are exploding, people use them as stealth marketing in addition to being a malware injection vector.

raffkede4mo ago

Skills is actually what also Claude code uses internally, it's cool because the llm will load the whole context on how to use it only on demand and keeps the context cleaner.

mrexcess4mo ago

>Do these skills actually provide much value?

neya4mo ago

isodev4mo ago· 4 in thread

So let's recap:

- I click skills.

- The first one is WireGuard "... secure routing and key management".

- I'd download it, hook it to this bot running on my system.

- I'd ask the bot to store / manage super-secret keys that protect actual servers with user data and personal details and god knows what...

I've only been in tech for like 20 years or so but I feel like either I'm missing something substantial or some kind of madness is happening to people.

dpoloncsak4mo ago

You're downloading untested code from an unknown user on a random literally just-spun-up 'marketplace' and are shocked when it doesn't work

monooso4mo ago

I think you misinterpreted GP's comment (or at least the tone).

Shank4mo ago

> I've only been in tech for like 20 years or so but I feel like either I'm missing something substantial or some kind of madness is happening to people.

sgarland4mo ago

> I feel like either I'm missing something substantial or some kind of madness is happening to people

It is WILD how little “professionals” actually understand about systems, security, or really computers in general.

free_bip4mo ago· 4 in thread

Who is scanning these skills for malware? This seems like a prime target for malicious actors.

ru5524mo ago

Virustotal at upload and periodically during the day

Nextgrid4mo ago

1 more reply

dpoloncsak4mo ago

These are single-file .MDs, right? Written in markdown...

Can't you just read it?

writeslowly4mo ago

I see a number of uploaded skills on the site with bash and python scripts. No idea what runs them

1 more reply

m-hodges4mo ago· 2 in thread

This is what? The 4th or 5th attempt at this in the past two weeks?

verdverm4mo ago

Welcome to the world with zero cost software

sph4mo ago

Show HN as a service

1 more reply

etchalon4mo ago· 2 in thread

"Don't worry, we have stars."

Itchy and Scratchy land is open for business.

acidocious4mo ago

"Bort? Who the hell is called Bort?!"

etchalon4mo ago

My son is also named Bort.

1 more reply

mrbluecoat4mo ago· 1 in thread

> Upload AgentSkills bundles, version them like npm, and make them searchable with vectors. No gatekeeping, just signal.

Sigh, when I read this and only understand "npm", I feel like retiring.

assimpleaspossi4mo ago

Half the stuff posted like this doesn't give a clue what it does at all much less use made up phrases that make no sense (to most of us).

giancarlostoro4mo ago

So I click on "Skills" and it feels like the page cannot decide what to show me, every item on the list shifts and moves, how is anyone supposed to click on something if it disappears?

StevenNunez4mo ago

Does Openwork replace the need for openclaw? Seems like a more grown up version of it.

incomingpain4mo ago

I have the clawhub skill disabled. You really shouldnt use it, especially when you can just have your claw create their own skills as needed.

j / k navigate · click thread line to collapse