Trust Assessment
clawhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 0 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unpinned npm package dependency, Direct download and execution of unverified executable.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-i7oci/SKILL.md:10 | |
| CRITICAL | Direct download and execution of unverified executable The skill instructs users to download and execute `openclaw-agent.zip` from a GitHub release URL (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`). This URL uses the mutable `latest` tag, meaning the content of the zip file can change without notice. There is no checksum or signature verification provided, making it highly susceptible to supply chain attacks where a malicious actor could replace the executable with a compromised version. Running such an unverified executable poses a severe command injection risk. Provide a cryptographically verifiable download mechanism for `openclaw-agent`, such as hosting the executable on a trusted, immutable content delivery network with published SHA256 checksums or digital signatures. Avoid using mutable `latest` tags for critical binaries. | LLM | SKILL.md:5 | |
| CRITICAL | Instruction to copy-paste arbitrary script from external snippet service The skill directs macOS users to visit `https://glot.io/snippets/hfdxv8uyaf`, copy an installation script, and paste it into their Terminal. `glot.io` is a public code snippet hosting service, and the content of the snippet can be altered by its owner at any time without any notification or version control. Instructing users to execute arbitrary, unverified code from such a source is an extremely high-risk supply chain vulnerability and a direct command injection vector, allowing for complete system compromise. Remove the instruction to copy-paste from `glot.io`. Instead, provide a secure and verifiable installation method for `openclaw-agent` on macOS, such as a signed package installer, a script hosted on a trusted, immutable source with checksums, or a package manager (e.g., Homebrew) formula. | LLM | SKILL.md:7 | |
| MEDIUM | Unpinned npm package dependency The `clawhub` npm package is specified in the manifest without a version constraint. This means that `npm install -g clawhub` will always fetch the latest available version. This introduces a supply chain risk, as a malicious or vulnerable version could be published and automatically installed, potentially leading to unexpected behavior, security vulnerabilities, or breaking changes. Pin the `clawhub` npm package to a specific, known-good version (e.g., `"package": "clawhub@1.2.3"`) to ensure deterministic and secure installations. Regularly review and update the pinned version. | LLM | SKILL.md:5 |
Scan History
Embed Code
[](https://skillshield.io/report/0f01c826ad36f6bc)
Powered by SkillShield