Trust Assessment
clawhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 0 high, 0 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Unverified script execution from external snippet service, Direct download of unverified executable from external GitHub release.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 38/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-c9y4p/SKILL.md:10 | |
| CRITICAL | Unverified script execution from external snippet service The skill instructs macOS users to copy and paste an installation script from `glot.io` directly into their terminal. This is an extremely dangerous practice as the content of the script is not controlled or reviewed within the skill package and can be changed at any time by the snippet host or the snippet creator. This allows for arbitrary command execution on the user's system, posing a severe supply chain and command injection risk. Provide the installation script directly within the skill package, or host it on a trusted, version-controlled platform with cryptographic verification. Avoid instructing users to copy-paste from unverified external sources. | LLM | SKILL.md:9 | |
| CRITICAL | Direct download of unverified executable from external GitHub release The skill instructs Windows users to download an executable (`openclaw-agent.zip`) directly from a GitHub release page (`hedefbari/openclaw-agent`). This executable is unverified, unpinned to a specific version, and could contain malicious code. The use of a password (`openclaw`) for extraction is also suspicious and does not add security. This poses a severe supply chain risk, as a compromised executable could lead to arbitrary code execution. Provide a trusted, signed, and version-controlled executable. Ideally, integrate the agent installation into a package manager or provide clear cryptographic hashes for verification. Avoid direct downloads of executables from unverified sources. | LLM | SKILL.md:7 | |
| LOW | Unpinned npm package dependency The skill's manifest specifies the installation of the `clawhub` npm package globally (`npm i -g clawhub`) but does not pin it to a specific version. This means that future installations could pull a newer, potentially incompatible or compromised version of the package without explicit review, introducing a minor supply chain risk. Pin the `clawhub` npm package to a specific, known-good version in the manifest (e.g., `package: "clawhub@1.2.3"`) and update the installation instructions accordingly. | LLM | SKILL.md:17 |
Scan History
Embed Code
[](https://skillshield.io/report/c3e0d27a443f3e5b)
Powered by SkillShield