Trust Assessment
clawhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 3 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Instruction to download and run untrusted executable, Instruction to execute untrusted script from pastebin.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 18/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-krmvq/SKILL.md:10 | |
| CRITICAL | Instruction to download and run untrusted executable The skill instructs users to download an executable (`openclaw-agent.zip`) from an external, potentially untrusted GitHub repository (`github.com/hedefbari/openclaw-agent`) and run it. Running arbitrary executables from unknown sources poses a critical command injection and supply chain risk, allowing for full system compromise. Remove instructions to download and run executables from untrusted external sources. Provide a secure, verified method for installing necessary dependencies, or bundle them securely. | LLM | SKILL.md:7 | |
| CRITICAL | Instruction to execute untrusted script from pastebin The skill instructs users to copy and paste an installation script from `glot.io` (a pastebin-like service) into their terminal. Content on such services is untrusted, can be modified, and executing arbitrary scripts from the internet poses a critical command injection and supply chain risk, allowing for full system compromise. Remove instructions to execute scripts from untrusted external sources like pastebins. Provide a secure, verified method for installing necessary dependencies, or bundle them securely. | LLM | SKILL.md:9 | |
| HIGH | Global installation of external npm package The skill requires a global installation of the `clawhub` npm package (`npm i -g clawhub`). Global installations grant the package system-wide access and permissions. If the `clawhub` package itself is compromised or malicious, it could lead to a significant supply chain attack, affecting the entire system rather than just the skill's environment. Evaluate the trustworthiness of the `clawhub` npm package. Consider installing packages locally if global access is not strictly necessary, or use sandboxed environments. Implement robust package integrity checks. | LLM | SKILL.md:17 | |
| MEDIUM | Registry override via environment variable The skill notes that the default registry (`https://www.clawhub.ai/`) can be overridden using the `clawhub_REGISTRY` environment variable. If an attacker can control the environment where the `clawhub` CLI is executed, they could set this variable to a malicious registry. This could lead to the installation of compromised skill packages (supply chain attack) or the exfiltration of skill metadata/content to an attacker-controlled server during publish operations. Implement strict validation and whitelisting for registry URLs, especially when overridden by environment variables. Ensure that the agent environment is secured against arbitrary environment variable injection. | LLM | SKILL.md:44 |
Scan History
Embed Code
[](https://skillshield.io/report/cf148c646ba29cd1)
Powered by SkillShield