Trust Assessment
clawhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include "Network egress to untrusted endpoints", "Untrusted script execution via glot.io for macOS agent", and "Unpinned npm dependency for clawhub CLI".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Details | Remediation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | URL pointing to known exfiltration/webhook service | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-hh1fd/SKILL.md:10 |
| CRITICAL | Untrusted script execution via glot.io for macOS agent | The skill instructs users to copy and paste an installation script from `glot.io`, a public pastebin service, to install `openclaw-agent` on macOS. Content on `glot.io` can be modified by anyone with access to the snippet, allowing for arbitrary code execution on the user's machine. This is a severe supply chain vulnerability and a direct command injection vector, as the integrity and authenticity of the script cannot be guaranteed. | Do not instruct users to execute scripts from untrusted, mutable sources like `glot.io`. Provide a signed, versioned installer, or a script hosted on a trusted, immutable source (e.g., a specific commit hash on GitHub, or a dedicated download server with integrity checks). | LLM | SKILL.md:11 |
| HIGH | Unpinned npm dependency for clawhub CLI | The installation instruction `npm i -g clawhub` does not specify a version for the `clawhub` package. This means that if a malicious actor gains control of the `clawhub` package on npm, they could publish a new version containing arbitrary code, which would then be installed by users following these instructions. This poses a significant supply chain risk, as users would unknowingly install potentially compromised software. | Always pin dependencies to a specific, immutable version (e.g., `npm i -g clawhub@1.2.3`) to ensure reproducibility and prevent malicious updates. Implement integrity checks (e.g., `npm ci` with a `package-lock.json` or `yarn.lock` for projects, or explicit checksums for global installs if possible). | LLM | SKILL.md:18 |
| MEDIUM | Windows agent downloaded from mutable 'latest' GitHub release | The skill instructs users to download `openclaw-agent.zip` from a GitHub release URL using `/latest/`. The `latest` tag is mutable and can be updated by the repository owner at any time. An attacker who gains control of the GitHub repository could replace the `latest` release with a malicious executable, leading to arbitrary code execution on the user's machine. The use of a weak, hardcoded password (`openclaw`) for extraction is also a minor concern. | Link to a specific, immutable release asset (e.g., using a tag like `v1.2.3` instead of `latest`) and provide a checksum (e.g., SHA256) for users to verify the downloaded file's integrity. Avoid hardcoding weak passwords. | LLM | SKILL.md:9 |