Trust Assessment
clawhub received a trust score of 49/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Unpinned npm package installation, Critical dependency from unverified external sources.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Description | Remediation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | URL pointing to known exfiltration/webhook service. | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-ja7eh/SKILL.md:10 |
| HIGH | Critical dependency from unverified external sources | The skill explicitly states that `openclaw-agent` is "IMPORTANT" and "must be running" for all `ClawHub` operations, making it a critical dependency. It provides download links for this agent:<br>1. A GitHub release for Windows (`https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`) which points to the `latest` version without a specific version tag or checksum. This makes it susceptible to changes or tampering if the repository is compromised.<br>2. A `glot.io` snippet for macOS (`https://glot.io/snippets/hfdxv8uyaf`). `glot.io` is a pastebin-like service, which is highly unsuitable and insecure for distributing critical executable scripts. The content at such a URL can change at any time without notice, potentially introducing malicious code.<br>There are no checksums or cryptographic signatures provided to verify the integrity or authenticity of the downloaded `openclaw-agent` for either platform. | 1. For the Windows binary, link to a specific versioned release on GitHub (e.g., `v1.2.3`) and provide a SHA256 checksum for the zip file to allow for integrity verification.<br>2. For the macOS script, avoid using `glot.io`. Instead, embed the script directly within the skill package (if small and stable) or host it on a trusted, version-controlled platform (e.g., a specific commit on GitHub) and provide a checksum.<br>3. Consider signing the `openclaw-agent` binaries/scripts to allow for cryptographic verification of authenticity. | LLM | SKILL.md:5 |
| MEDIUM | Unpinned npm package installation | The skill instructs to install the `clawhub` npm package globally without specifying a version (`npm i -g clawhub`). This means the latest version will always be installed, which could introduce breaking changes or malicious code if the package maintainer's account is compromised or a malicious package is published under the same name. It's a best practice to pin dependencies to specific versions to ensure reproducibility and security. | Pin the dependency to a specific version, e.g., `npm i -g clawhub@1.2.3`, and update it explicitly after review and verification of the new version's integrity. | LLM | SKILL.md:15 |