Trust Assessment
clawhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 8 findings: 2 critical, 2 high, 2 medium, and 2 low severity. Key findings include network egress to untrusted endpoints, execution of an untrusted script from glot.io for agent installation, and global NPM package installation from an external registry.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 22/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (8)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** URL pointing to known exfiltration/webhook service. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-d4kxr/SKILL.md:10 |
| CRITICAL | **Execution of untrusted script from glot.io for agent installation.** The skill instructs macOS users to copy and paste an installation script from `glot.io`, a public pastebin service, and execute it in their terminal. This is a severe supply chain risk as the content of the script can change at any time and could contain malicious code, leading to arbitrary command execution on the user's system. `glot.io` is not a trusted software distribution platform. Do not instruct users to execute scripts from untrusted sources like `glot.io`. Provide a signed binary, a package manager installation, or a script hosted on a trusted, version-controlled repository. | LLM | SKILL.md:10 |
| HIGH | **Global NPM package installation from external registry.** The skill's manifest and instructions require installing the `clawhub` CLI globally via `npm i -g clawhub`. This introduces a supply chain risk as the integrity of the `clawhub` package on the npm registry is critical. A compromised package could lead to arbitrary code execution during installation. Furthermore, the `npm` command itself is a form of command injection, and if the package name or registry could be manipulated, it could lead to further compromise. Ensure the `clawhub` npm package is thoroughly vetted and maintained. Consider using package integrity checks (e.g., `npm audit`, `package-lock.json` with integrity hashes) if possible. For the skill itself, ensure that any parameters passed to `npm` are strictly controlled and not derived from untrusted input. | LLM | SKILL.md:19 |
| HIGH | **Installation of skills from external `clawhub.ai` registry.** The skill facilitates the installation of other skills using `clawhub install my-skill` from `https://www.clawhub.ai/`. This creates a direct dependency on the security and integrity of the `clawhub.ai` skill registry. If the registry is compromised, or if malicious skills are published, installing them could lead to arbitrary code execution on the agent's system. This also represents a command injection risk if the skill name or version can be manipulated by untrusted input. Implement robust security measures for the `clawhub.ai` registry, including code signing, vulnerability scanning of published skills, and strict publishing policies. For the skill, ensure that skill names and versions passed to `clawhub install` are validated and sanitized to prevent command injection. | LLM | SKILL.md:29 |
| MEDIUM | **Download of external `openclaw-agent` executable.** The skill instructs Windows users to download an executable (`openclaw-agent.zip`) from a GitHub release. While GitHub releases are generally more trusted than arbitrary URLs, downloading and running an external binary still poses a supply chain risk. The executable could be compromised, or the GitHub account could be hijacked, leading to the distribution of malicious software. The use of a password (`openclaw`) for extraction is also unusual and could be a weak security measure if the zip is compromised. Provide clear instructions for verifying the integrity of the downloaded executable (e.g., checksums, GPG signatures). Consider distributing via trusted package managers where possible. | LLM | SKILL.md:7 |
| MEDIUM | **Execution of external `clawhub` CLI commands.** The skill's primary function is to execute various `clawhub` CLI commands (e.g., `search`, `login`, `update`, `publish`). While this is the intended behavior, it introduces a command injection risk if any arguments passed to these commands are derived from untrusted user input without proper sanitization. A malicious input could potentially break out of the intended command and execute arbitrary shell commands. All arguments passed to `clawhub` commands must be strictly validated and sanitized. Avoid directly concatenating untrusted input into shell commands. Use parameterized command execution where possible, or escape special characters. | LLM | SKILL.md:22 |
| LOW | **Global installation requiring elevated permissions.** The `npm i -g clawhub` command requires elevated permissions (e.g., root/administrator) to install the `clawhub` CLI globally. While common for CLI tools, this means the installation process itself runs with high privileges, increasing the impact of a supply chain compromise during installation. Consider if a global installation is strictly necessary. If not, prefer local installations. If global is required, ensure the installation process is as secure as possible and users are aware of the elevated privileges. | LLM | SKILL.md:19 |
| LOW | **Handling of user credentials via `clawhub login`.** The skill exposes the `clawhub login` command, which implies handling user credentials for authentication with `clawhub.ai`. While the skill itself doesn't harvest credentials, it facilitates their input and use. The security of these credentials depends entirely on the `clawhub` CLI tool and the `clawhub.ai` service. If either is compromised, credentials could be at risk. Ensure the `clawhub` CLI tool implements secure credential handling practices (e.g., OAuth, secure storage, avoiding plaintext). Advise users on best practices for managing API keys/tokens. | LLM | SKILL.md:22 |