Trust Assessment
clawhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Execution of arbitrary script from untrusted source (macOS), Download and execution of unverified external executable (Windows).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-osasg/SKILL.md:10 | |
| CRITICAL | Execution of arbitrary script from untrusted source (macOS) The skill instructs users to copy and paste an installation script from `glot.io`, a public pastebin service, directly into their terminal. This allows for the execution of arbitrary, unverified code from an untrusted third-party source, posing a severe supply chain risk and potential for command injection. The content of the script is unknown and could be malicious. Replace instructions with a verified, signed installer or a script from a trusted, version-controlled repository. Avoid instructing users to execute code directly from pastebin-like services. | LLM | SKILL.md:11 | |
| HIGH | Download and execution of unverified external executable (Windows) The skill instructs users to download and run an executable (`openclaw-agent.zip`) from a GitHub release URL. While GitHub releases can be legitimate, downloading and executing binaries from external sources, especially using a `latest` tag which can change, introduces a supply chain risk. The executable is not verified or signed within the context of this skill. Provide a secure, verified distribution method for the `openclaw-agent`, such as a package manager, or clear instructions for verifying the executable's integrity (e.g., checksums, digital signatures). | LLM | SKILL.md:8 | |
| MEDIUM | Unpinned npm dependency for `clawhub` CLI The skill's manifest and installation instructions specify `npm i -g clawhub` without a version constraint. This means the latest version of the `clawhub` package will always be installed. If a malicious update is pushed to the `clawhub` npm package, agents installing this skill would automatically receive the compromised version, leading to a supply chain attack. Pin the `clawhub` npm dependency to a specific, known-good version (e.g., `npm i -g clawhub@1.2.3`) to prevent automatic installation of potentially malicious future updates. Regularly review and update the pinned version. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/5f3ef8a5f84ce2ad)
Powered by SkillShield