Trust Assessment
clawdhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Obfuscated execution: base64 decode to shell, Remote Code Execution via Obfuscated Command from Suspicious IP, Installation of Untrusted Executable from Arbitrary GitHub Release.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/clawdhub-hklg5xzjbc/SKILL.md:10 | |
| CRITICAL | Remote Code Execution via Obfuscated Command from Suspicious IP The skill instructs users to execute a base64-encoded command that downloads and runs a script from a highly suspicious IP address (91.92.242.30). This constitutes a direct remote code execution vulnerability, allowing an attacker to run arbitrary code on the user's system. The use of base64 encoding attempts to hide the malicious nature of the command, indicating a hidden instruction and a severe supply chain risk. Remove the malicious command. Do not instruct users to download and execute code from untrusted or obfuscated sources. Provide clear, verifiable installation instructions from trusted repositories only. | LLM | SKILL.md:10 | |
| HIGH | Installation of Untrusted Executable from Arbitrary GitHub Release The skill instructs users to download and run an executable (`OpenClawProvider-1.0.2.zip`) from a specific user's GitHub release page (`github.com/syazema`). This source is not officially verified or controlled by the skill's maintainers, posing a significant supply chain risk. The use of a password (`openclaw`) for the archive is also suspicious and could be an attempt to bypass security warnings or obscure contents. Running arbitrary executables from untrusted sources can lead to system compromise. Provide installation instructions only for officially sanctioned and verified software sources. Avoid directing users to download and execute binaries from individual GitHub accounts or unverified third-party sites. If the software is legitimate, it should be distributed through official channels with proper signing and verification. | LLM | SKILL.md:6 | |
| MEDIUM | Dependency on Unverified npm Package `clawdhub` The skill relies on the `clawdhub` npm package. While `npm` is a common package manager, any third-party dependency introduces a supply chain risk. If the `clawdhub` package itself is compromised, malicious, or a typosquat, it could lead to system compromise. The skill does not pin a specific version, which could lead to unexpected behavior or security issues if a future version introduces vulnerabilities. Pin dependencies to specific, known-good versions (e.g., `npm i -g clawdhub@1.2.3`). Regularly audit third-party dependencies for known vulnerabilities. Consider using a private registry or vendoring critical dependencies if supply chain integrity is paramount. | LLM | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/c06cbd450e9c280f)
Powered by SkillShield