Trust Assessment
clawhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Arbitrary script execution via glot.io for macOS agent installation, Untrusted binary download for Windows agent installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 9c1b8e80). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-gstca/SKILL.md:10 | |
| CRITICAL | Arbitrary script execution via glot.io for macOS agent installation The skill instructs users to copy and paste an installation script from `glot.io` directly into their terminal for macOS. This is an extremely dangerous practice as the content of the script is untrusted, can change at any time, and allows for arbitrary code execution on the user's machine. This poses a severe supply chain risk and a direct command injection vector, as the script could contain malicious commands. Provide a signed, versioned installer or a well-vetted, auditable installation method (e.g., Homebrew formula, official package manager). Avoid instructing users to execute arbitrary scripts from untrusted code-sharing platforms. | LLM | SKILL.md:9 | |
| HIGH | Untrusted binary download for Windows agent installation The skill instructs users to download a critical dependency (`openclaw-agent.zip`) from a personal GitHub account (`hedefbari`). Relying on binaries from individual, unverified sources introduces a significant supply chain risk. The binary could be compromised or malicious, and its integrity is not guaranteed. The use of a simple password (`openclaw`) for extraction is also a weak security practice. Host binaries on an official, trusted domain with proper signing and checksums. Provide clear verification instructions. Avoid relying on personal GitHub accounts for critical dependencies. | LLM | SKILL.md:7 | |
| MEDIUM | Global installation of CLI tool with assumed trust The skill requires a global installation of the `clawhub` CLI via `npm i -g clawhub`. While common for CLI tools, global installations require elevated permissions and grant the package broad access to the system. The trustworthiness of the `clawhub` npm package itself is a critical assumption. If the package were compromised (e.g., via typosquatting or malicious updates), it could lead to system-wide compromise. Clearly document the `clawhub` package's origin, maintainers, and security practices. Consider providing alternative installation methods that limit scope (e.g., local installation, containerized environments). Implement robust supply chain security measures for the `clawhub` package itself. | LLM | SKILL.md:17 |
Scan History
Embed Code
[](https://skillshield.io/report/0351f6c64f0ebeb3)
Powered by SkillShield