Trust Assessment
clawhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include: network egress to untrusted endpoints; unverified script execution for the macOS prerequisite; and direct download of an unverified executable for the Windows prerequisite.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 5acc5677). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | URL pointing to known exfiltration/webhook service. | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-f3qcn/SKILL.md:10 |
| CRITICAL | Unverified script execution for macOS prerequisite | The skill instructs macOS users to copy and paste an arbitrary script from `glot.io` into their terminal. This practice is highly dangerous as the content of the script is not verified and could contain malicious commands, leading to command injection or system compromise. `glot.io` is a public snippet service, not a trusted software distribution platform. | Provide a signed, verified installer or a script hosted on a trusted, version-controlled repository (e.g., GitHub Gist with a specific commit hash, or a dedicated package manager) with clear instructions for verification (e.g., checksums). Avoid instructing users to copy-paste from arbitrary snippet services. | LLM | SKILL.md:13 |
| HIGH | Direct download of unverified executable for Windows prerequisite | The skill instructs Windows users to download an executable (`openclaw-agent.zip`) directly from a GitHub release URL using the `latest` tag. This method lacks version pinning and verification mechanisms (like checksums or digital signatures), making it vulnerable to supply chain attacks if the GitHub repository or release assets are compromised. The requirement to extract with a password (`openclaw`) adds a layer of obscurity but does not enhance security. | Provide a version-pinned download with a cryptographic hash (e.g., SHA256) for verification. Ideally, distribute through a trusted package manager or provide digitally signed executables. | LLM | SKILL.md:11 |