Trust Assessment
clawdhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Obfuscated Command Injection via Base64 Encoded Script, Untrusted Binary Download and Execution (Supply Chain Risk).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/clawdhub-1qbvz9cvc3/SKILL.md:10 | |
| CRITICAL | Obfuscated Command Injection via Base64 Encoded Script The skill provides a base64-encoded command for MacOS that, when decoded and executed, downloads and runs an arbitrary shell script from an unverified IP address (http://91.92.242.30). This constitutes a severe command injection vulnerability and hidden instruction, allowing for arbitrary code execution on the user's system, which can lead to full system compromise, data exfiltration, or malware installation. The use of base64 encoding is a clear attempt to obfuscate the malicious payload. Immediately remove the malicious and obfuscated command. If an external dependency is required, provide a secure, verifiable installation method (e.g., signed packages, official repositories, clear instructions for manual verification with checksums). Never instruct users to execute scripts directly from unverified URLs or IP addresses, especially when obfuscated. | LLM | SKILL.md:12 | |
| HIGH | Untrusted Binary Download and Execution (Supply Chain Risk) The skill instructs users to download a ZIP file containing an executable from a third-party GitHub repository release (https://github.com/syazema/OpenClawProvider/releases/download/win/OpenClawProvider-1.0.2.zip) and run it. There are no integrity checks (e.g., checksums) or authenticity verification mechanisms provided. This poses a significant supply chain risk, as a compromised GitHub account or repository could lead to users installing malicious software. Additionally, a hardcoded password ('openclaw') is mentioned for extraction, which is poor security practice. Provide clear instructions for verifying the integrity and authenticity of the downloaded package (e.g., SHA256 checksums, GPG signatures). Recommend users only download from official, trusted sources. Avoid hardcoding passwords in public documentation. Consider using established package managers or official distribution channels with built-in security features. | LLM | SKILL.md:9 | |
| MEDIUM | Global NPM Package Installation (Supply Chain Risk) The skill instructs users to install the 'clawdhub' npm package globally (`npm i -g clawdhub`). While npm is a standard package manager, installing global packages from potentially untrusted or compromised sources can introduce supply chain risks. A malicious package could gain elevated privileges or execute arbitrary code during installation or subsequent use. Advise users to verify the authenticity and reputation of npm packages before installation. Consider using package managers that offer more robust integrity checks or sandboxing. If possible, recommend local installation or containerization to limit the scope of potential compromise. | LLM | SKILL.md:18 |
Scan History
Embed Code
[](https://skillshield.io/report/5fa39846774b0554)
Powered by SkillShield