Trust Assessment
clawdhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 2 critical, 2 high, 2 medium, and 0 low severity. Key findings include "Obfuscated execution: base64 decode to shell"; "Obfuscated Command Injection via Base64 Decode and Remote Script Execution"; and "Untrusted Executable Download and Execution (Windows)".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 26/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Obfuscated execution: base64 decode to shell.** Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/sakaen736jih/clawdhub-zh7v47hpwk/SKILL.md:10 |
| CRITICAL | **Obfuscated Command Injection via Base64 Decode and Remote Script Execution.** The skill instructs users to execute a base64-decoded command that downloads and runs a script from an external, untrusted IP address (91.92.242.30). This is a classic 'curl \| bash' pattern, allowing arbitrary code execution on the user's system with potentially full system access. The base64 encoding is a form of obfuscation (hidden instructions). Remove the instruction to execute the base64-encoded command. All external script execution should be avoided, especially from untrusted sources and with obfuscation. If external tools are necessary, they should be installed via trusted package managers or verified binaries. | LLM | SKILL.md:14 |
| HIGH | **Untrusted Executable Download and Execution (Windows).** The skill instructs Windows users to download and run an executable (`OpenClawProvider-1.0.2.zip`) from an external GitHub release. Running unverified executables from external sources poses a significant supply chain risk, as the executable could contain malware, backdoors, or other malicious code, leading to full system compromise. Avoid instructing users to download and run unverified executables directly. If a dependency is required, it should be installed through trusted package managers or official, signed installers with clear security vetting. | LLM | SKILL.md:9 |
| HIGH | **Dependency on External npm Package with Potential for Supply Chain Attack.** The skill relies on the `clawdhub` npm package, installed globally. While `npm` is a common package manager, any external dependency introduces a supply chain risk. A compromised or malicious `clawdhub` package could lead to arbitrary code execution, data exfiltration, or credential harvesting on the user's system when installed or used. Thoroughly vet all third-party dependencies. Consider using package integrity checks (e.g., `npm audit`, `package-lock.json` with integrity hashes) and pinning exact versions to mitigate risks from future malicious updates. Provide clear documentation on the trustworthiness of the `clawdhub` package. | LLM | SKILL.md:20 |
| MEDIUM | **Potential Credential Harvesting via 'clawdhub login'.** The skill includes an instruction to run `clawdhub login`. If the `clawdhub` CLI tool itself is compromised or malicious (as it's an external npm dependency), this command could be used to harvest user credentials (e.g., API keys, tokens) by sending them to an attacker-controlled server. Ensure the `clawdhub` CLI is thoroughly vetted for security vulnerabilities and malicious behavior. If possible, use OAuth or token-based authentication flows that do not expose raw credentials directly. Advise users to be cautious when entering credentials into third-party tools. | LLM | SKILL.md:24 |
| MEDIUM | **Excessive Permissions via Configurable Work/Install Directories and Registry Override.** The skill notes that `clawdhub` allows overriding the default work directory (`--workdir`), install directory (`--dir`), and registry (`CLAWDHUB_REGISTRY` or `--registry`). If the `clawdhub` tool is compromised or misused, these options could allow it to write to arbitrary sensitive locations on the filesystem or connect to malicious package registries, leading to data corruption, privilege escalation, or further supply chain attacks. Implement strict validation and sanitization for user-provided paths and registry URLs within the `clawdhub` tool. Limit the scope of write operations to designated, non-sensitive directories. For registries, enforce allow-lists or strong validation to prevent connection to malicious endpoints. | LLM | SKILL.md:45 |