Trust Assessment
clawdhub received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Unpinned dependency in skill installation", "Potential for command injection via skill arguments", and "Skill exposes credential handling command".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Unpinned dependency in skill installation. The skill manifest specifies the installation of the 'clawdhub' npm package without a pinned version. This means 'npm i -g clawdhub' will always install the latest available version. If a malicious or compromised version of 'clawdhub' is published to the npm registry, it could be automatically installed, leading to a supply chain attack. Pin the 'clawdhub' package to a specific, known-good version (e.g., "package": "clawdhub@1.2.3") in the manifest to ensure deterministic and secure installations, mitigating the risk of installing compromised future versions. | LLM | SKILL.md:7 |
| HIGH | Potential for command injection via skill arguments. The skill exposes commands like `clawdhub install <skill-name>` and `clawdhub publish <path>`. If the `<skill-name>` or `<path>` arguments are derived from untrusted user input, a malicious actor could potentially craft these inputs to install harmful code, publish sensitive local files, or exploit command injection vulnerabilities if the underlying `clawdhub` CLI does not robustly sanitize all inputs before execution. Implement strict input validation and sanitization for any arguments passed to `clawdhub install` or `clawdhub publish` that originate from untrusted sources. Consider whitelisting allowed skill names or paths, or requiring explicit user confirmation for sensitive operations involving external input. | LLM | SKILL.md:15 |
| MEDIUM | Skill exposes credential handling command. The skill's documentation explicitly mentions the `clawdhub login` command, which is used for authentication and managing credentials. If an LLM is prompted by untrusted input to execute this command, it could potentially expose sensitive authentication tokens or API keys, or store them in a way that could be later accessed by the LLM or other unauthorized entities. Ensure that the LLM's execution environment is isolated and that any credentials handled by `clawdhub login` are stored securely and are not accessible to the LLM or other unauthorized processes. Implement strict policies on when and how the LLM can invoke credential-related commands, especially when interacting with untrusted input. | LLM | SKILL.md:8 |