Trust Assessment
clawhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 3 high, 0 medium, and 0 low severity. Key findings include network egress to untrusted endpoints, untrusted script execution via glot.io for macOS installation, and direct download of an unverified executable for Windows installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints. URL pointing to known exfiltration/webhook service. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-gpcrq/SKILL.md:10 |
| CRITICAL | Untrusted script execution via glot.io for macOS installation. The skill instructs macOS users to copy and paste an installation script from `glot.io` into their terminal. `glot.io` is a pastebin-like service where content can be changed at any time without notice or integrity checks. Executing arbitrary scripts from such sources poses an extreme supply chain risk, allowing for potential command injection, malware installation, or system compromise. Provide a signed, versioned, and integrity-checked installation method (e.g., Homebrew formula, official installer, or a script hosted on a trusted, immutable domain with checksums). Avoid instructing users to execute code from ephemeral pastebin services. | LLM | SKILL.md:9 |
| HIGH | Direct download of unverified executable for Windows installation. The skill instructs Windows users to download and run an executable (`openclaw-agent.zip`) directly from a GitHub release page (`github.com/hedefbari/openclaw-agent`). While GitHub releases are generally more reliable than pastebins, there are no integrity checks (e.g., checksums) provided, and the source is a specific user's repository, not an official organization. This introduces a supply chain risk as the executable could be tampered with or replaced, leading to malware execution. Provide checksums (SHA256) for downloaded executables and instruct users to verify them. Ideally, distribute through official package managers (e.g., Chocolatey) or a dedicated, trusted download server. | LLM | SKILL.md:7 |
| HIGH | Unpinned npm dependency for clawhub CLI. The skill's manifest specifies the `clawhub` npm package as a dependency without a specific version or version range. This means that `npm i -g clawhub` will always install the latest available version. If a malicious update is pushed to the `clawhub` package on npm, the agent installing this skill could automatically pull in compromised code, leading to a supply chain attack. Pin the `clawhub` npm package to a specific, known-good version (e.g., `"package": "clawhub@1.2.3"`) or a narrow version range (e.g., `"package": "clawhub@^1.2.0"`) in the manifest. Regularly audit and update the pinned version. | LLM | Manifest |
| HIGH | Capability to install arbitrary skills from an external registry. The `clawhub` CLI, which this skill enables, provides commands like `clawhub install my-skill`. This allows the agent to install arbitrary skills from the ClawHub registry. If the ClawHub registry hosts malicious or compromised skills, or if an attacker can inject malicious skills into the registry, the agent could be tricked into installing and executing them, leading to a broader system compromise. This represents a significant transitive supply chain risk and an excessive permission if the agent is not carefully controlled. Implement strict vetting and sandboxing for all skills available on ClawHub. Agents should ideally have a whitelist of approved skills or require explicit human approval before installing new skills. Consider implementing a robust permission model for installed skills to limit their capabilities. | LLM | SKILL.md:33 |