Trust Assessment
clawhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings: Network egress to untrusted endpoints; Unpinned, untrusted script execution from glot.io; Unpinned executable download from potentially unofficial GitHub release.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Description | Remediation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | A URL in the manifest points to a known exfiltration/webhook service. | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses; legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-6yr3b/SKILL.md:10 |
| CRITICAL | Unpinned, untrusted script execution from glot.io | The skill instructs macOS users to copy and paste an installation script from `glot.io` into their terminal. `glot.io` is a pastebin service: scripts hosted there are unverified and unpinned, and can be changed at any time by the author or by a compromised account. Running such a script straight from the internet without review is a severe supply chain risk and amounts to arbitrary command execution on the user's system. | Provide a verified, pinned, and auditable installation method. Ideally, ship the script inside the skill package itself, or link to a versioned executable from a trusted source with checksum verification. | LLM | SKILL.md:9 |
| HIGH | Unpinned executable download from potentially unofficial GitHub release | The skill instructs Windows users to download `openclaw-agent.zip` from the `latest` release of `github.com/hedefbari/openclaw-agent`. `latest` is not a fixed version: the executable it resolves to can change without notice, and an attacker who controls the repository could replace it with a compromised build. The `hedefbari` account may also not be the official maintainer of `openclaw-agent`, adding a further trust concern. | Link to a specific *versioned* release from the *official*, trusted source and publish checksums (e.g., SHA-256) so users can verify the download. | LLM | SKILL.md:7 |
| MEDIUM | Global npm package installation without version pinning | The manifest and instructions install the `clawhub` npm package globally with `npm i -g clawhub`, which resolves to whatever version is latest at install time. If a malicious update is published to `clawhub` on npm, users installing or updating the skill would unknowingly install it (a supply chain attack). | Pin `clawhub` to a specific, known-good version (e.g., `npm i -g clawhub@1.2.3`), and regularly audit and update the pinned version. | LLM | SKILL.md:17 |
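The remediations for the glot.io, GitHub-release and npm findings above reduce to one pattern: fetch from a fixed version, compare the file against a digest obtained out of band, and only then use it. The POSIX shell script below is an added example written for this page; it is not code from the clawhub skill, the openclaw-agent project or SkillShield. The repository owner, tag, asset name and digest in the commented real-use line are placeholders, and the offline demo hashes a constructed file whose expected value is the published SHA-256 test vector for the string `abc`.

```shell
#!/bin/sh
# Added example (not from the clawhub skill or SkillShield): a pinned,
# checksum-verified fetch in place of "paste a glot.io script into your
# terminal" or "download /releases/latest/". Repo, tag, asset and digest
# in the real-use comment are placeholders, i.e. assumptions.
set -eu

sha256_of() {
    # Print the hex SHA-256 of a file: coreutils sha256sum on Linux,
    # shasum on macOS/BSD.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

verify_sha256() {
    # verify_sha256 <file> <expected-hex-digest>: 0 on match, 1 on mismatch.
    # The file is only hashed, never executed, so a swapped asset is
    # rejected before it can run.
    actual=$(sha256_of "$1")
    if [ "$actual" = "$2" ]; then
        return 0
    fi
    printf 'checksum mismatch for %s: expected %s, got %s\n' "$1" "$2" "$actual" >&2
    return 1
}

fetch_pinned_asset() {
    # fetch_pinned_asset <owner/repo> <tag> <asset> <expected-sha256> <dest>
    # Downloads from an explicit release tag (never /releases/latest/),
    # HTTPS only, and keeps the file only if the digest matches. The
    # digest must come from a channel the attacker does not control
    # (the skill package or its docs), not from beside the binary.
    repo=$1; tag=$2; asset=$3; expected=$4; dest=$5
    url="https://github.com/$repo/releases/download/$tag/$asset"
    tmp=$(mktemp)
    if ! curl -fsSL --proto '=https' --tlsv1.2 -o "$tmp" "$url"; then
        rm -f "$tmp"
        printf 'download failed: %s\n' "$url" >&2
        return 1
    fi
    if verify_sha256 "$tmp" "$expected"; then
        mv "$tmp" "$dest"
        return 0
    fi
    rm -f "$tmp"   # never leave an unverified artifact on disk
    return 1
}

demo_tamper_detection() {
    # Offline demonstration on a constructed asset: the pinned digest
    # accepts the genuine file and rejects a modified one.
    # SHA-256("abc") is a published test vector.
    good_digest=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
    f=$(mktemp)
    printf 'abc' > "$f"
    verify_sha256 "$f" "$good_digest" || { rm -f "$f"; return 1; }
    printf 'x' >> "$f"                  # simulate a replaced release asset
    if verify_sha256 "$f" "$good_digest" 2>/dev/null; then
        rm -f "$f"; return 1            # tampering went undetected
    fi
    rm -f "$f"
    return 0
}

# Real use (needs network; OWNER, tag and digest are placeholders):
# fetch_pinned_asset OWNER/openclaw-agent v1.2.3 openclaw-agent.zip \
#     <sha256 published in the skill package> ./openclaw-agent.zip
demo_tamper_detection && echo "pinned digest: genuine file accepted, tampered file rejected"
```

The same rule applies to the npm finding: `npm i -g clawhub@<version>` fixes the version spec, which is the only pinning control available for a global install (there is no lockfile to `npm ci` against). Whichever form the skill ships, the expected digest or version belongs in the skill package, separate from the artifact it is meant to check.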
Full report: https://skillshield.io/report/0c957bf710f0fa62 (powered by SkillShield)