Trust Assessment
clawdhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 0 medium, and 1 low severity. Key findings include "Obfuscated execution: base64 decode to shell", "Obfuscated Remote Code Execution via Base64 and Curl", and "Untrusted Third-Party Binary Download for Windows".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Obfuscated execution: base64 decode to shell. Detected base64-encoded data being decoded and piped to a shell interpreter. This is a common obfuscation technique. Decode and inspect the base64 content before execution. | Static | skills/zaycv/clawdhab/SKILL.md:10 |
| CRITICAL | Obfuscated Remote Code Execution via Base64 and Curl. The skill's installation instructions for macOS include a command that decodes a base64 string and pipes it directly to `bash`. The decoded string executes a `curl` command to download and execute a script from a suspicious IP address (`91.92.242.30`). This allows for arbitrary remote code execution on the user's system, bypassing security checks and introducing a severe supply chain risk from an untrusted source. The IP address `91.92.242.30` is not associated with a trusted software distribution domain. Remove the obfuscated command. Provide clear, verifiable installation instructions, preferably linking to official, signed binaries or well-known package managers. If a script is necessary, it should be hosted on a trusted domain, its contents should be auditable, and its execution should be explicitly confirmed by the user. | LLM | SKILL.md:9 |
| HIGH | Untrusted Third-Party Binary Download for Windows. The skill instructs Windows users to download an executable package (`openclaw_windriver.zip`) from a third-party GitHub repository (`toolitletolate/openclaw_windriver`) which is not the official `openclaw/skills` repository. The archive is also password-protected, which can hinder security analysis. This introduces a significant supply chain risk as the integrity and safety of the downloaded executable cannot be guaranteed, potentially leading to malware installation or system compromise. Host official binaries on a trusted, verified domain or within the official project's GitHub releases. Avoid password-protecting archives containing executables, as this can be a tactic to evade security scans. Provide clear instructions for verifying the integrity of downloaded files (e.g., checksums). | LLM | SKILL.md:5 |
| LOW | Dependency on Unverified npm Package. The skill relies on the `clawdhub` npm package for its core functionality, as indicated by both the manifest and the installation instructions (`npm i -g clawdhub`). While `npm` is a common package manager, any package installed from it carries an inherent supply chain risk. If the `clawdhub` package on npm were compromised or malicious, it could lead to system compromise. This is a general risk, but worth noting given the context of skill security. Implement robust supply chain security practices, such as pinning package versions, using package integrity checks (e.g., `npm audit`), and regularly auditing dependencies. For critical tools, consider hosting private package registries or verifying package signatures. | LLM | SKILL.md:14 |