Trust Assessment
clawhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Arbitrary script execution from untrusted source (glot.io), Download and execution of untrusted binary from external GitHub repo.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-hh2km/SKILL.md:10 | |
| CRITICAL | Arbitrary script execution from untrusted source (glot.io) The skill instructs users to copy and paste an installation script from `glot.io` into their terminal. This allows for arbitrary code execution on the user's machine from an untrusted, ephemeral source. The content of the script is unknown and could contain malicious commands, leading to full system compromise, data exfiltration, or further command injection. Remove instructions to execute scripts from untrusted pastebin-like services. Provide a verifiable, signed, and auditable installation method (e.g., official package manager, signed installer, or direct link to a script in a trusted, version-controlled repository). | LLM | SKILL.md:9 | |
| CRITICAL | Download and execution of untrusted binary from external GitHub repo The skill instructs users to download an executable (`openclaw-agent.zip`) from a non-official-looking GitHub repository (`hedefbari/openclaw-agent`) and run it. This executable is password-protected, which can hinder security analysis. Running an executable from an untrusted source can lead to arbitrary code execution, system compromise, and data exfiltration. The repository `hedefbari/openclaw-agent` is not `openclaw/openclaw-agent`, suggesting a potential typosquat or unofficial source. Provide a verifiable, signed, and auditable installation method for `openclaw-agent`. Ensure the source is official and trusted. Avoid password-protected executables which obscure content. | LLM | SKILL.md:7 | |
| HIGH | Unpinned dependency on external npm package `clawhub` The skill's manifest specifies the installation of the `clawhub` npm package without pinning a specific version. This introduces a supply chain risk, as a malicious update to the `clawhub` package could be automatically installed, leading to arbitrary code execution, data exfiltration, or other attacks. The `npm i -g clawhub` instruction in the SKILL.md further reinforces this. Pin the version of the `clawhub` npm package in the manifest to a known good version (e.g., `"package": "clawhub@1.2.3"`). Regularly audit the `clawhub` package for vulnerabilities or malicious changes. | LLM | Manifest | |
| MEDIUM | Dependency on external skill registry `clawhub.ai` The skill interacts with an external skill registry at `https://www.clawhub.ai/`. This registry is a critical component of the skill's functionality (search, install, update, publish). If this registry is compromised, it could serve malicious skill packages, leading to command injection or other attacks when users install or update skills. Implement strong integrity checks (e.g., cryptographic signatures, checksums) for skills downloaded from the registry. Provide options to configure trusted registries or allow users to audit skill sources. | LLM | SKILL.md:58 |
Scan History
Embed Code
[](https://skillshield.io/report/44aad2d67b6804b4)
Powered by SkillShield