Trust Assessment
clawdhub received a trust score of 67/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include untrusted npm package installation, potential command injection via npm postinstall scripts, and sensitive credential handling by an external CLI.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Untrusted npm package installation.** The skill's manifest specifies the installation of the `clawdhub` npm package. Installing packages from public registries introduces a significant supply chain risk, as a compromised package or its dependencies could execute arbitrary malicious code during installation or runtime. The package version is not pinned, increasing the risk of pulling a malicious or vulnerable update. **Remediation:** Pin the `clawdhub` package to a specific, audited version (e.g., `clawdhub@1.2.3`). Regularly audit the package and its dependencies for vulnerabilities. Consider using a private npm registry or vendoring critical dependencies to mitigate risks. | LLM | SKILL.md:1 |
| HIGH | **Potential command injection via npm postinstall scripts.** The skill installs an npm package (`clawdhub`) globally. npm packages can contain `postinstall` scripts that execute arbitrary commands on the host system during installation. If the `clawdhub` package or any of its dependencies are malicious, they could exploit this mechanism to achieve command injection, leading to remote code execution. **Remediation:** As with supply chain risk, pin package versions and audit package code. Run installations in isolated, least-privileged environments (e.g., containers, sandboxes) to limit the blast radius of potential command injection. | LLM | SKILL.md:7 |
| MEDIUM | **Sensitive credential handling by external CLI.** The skill instructs the use of `clawdhub login`, which likely involves handling user credentials (e.g., API keys, tokens). If the `clawdhub` CLI tool itself is compromised (e.g., through a supply chain attack on its npm package), it could harvest these credentials. While the skill itself does not directly harvest credentials, it directs the user to an operation that involves sensitive data with an external, potentially untrusted tool. **Remediation:** Ensure the `clawdhub` CLI is from a trusted source and its integrity is verified. Use ephemeral credentials or OAuth/SSO mechanisms where possible to avoid direct handling of long-lived secrets. Implement strong authentication practices like MFA. | LLM | SKILL.md:10 |