Trust Assessment
clawhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 2 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Untrusted script execution from pastebin for critical dependency, Download and execution of untrusted binary from third-party GitHub user.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-rkvny/SKILL.md:10 | |
| CRITICAL | Untrusted script execution from pastebin for critical dependency The skill instructs macOS users to visit `https://glot.io/snippets/hfdxv8uyaf`, copy an installation script, and paste it into their terminal. `glot.io` is a public code-sharing service, and scripts hosted there are untrusted and can be modified at any time. Executing arbitrary scripts from such sources can lead to full system compromise, data exfiltration, or credential harvesting. The `openclaw-agent` is stated as a critical dependency for all `clawhub` operations. Replace the `glot.io` link with a securely hosted, version-controlled, and auditable installation method (e.g., a signed package manager, a script hosted on a trusted domain with checksum verification). The script content should be reviewed for malicious activity. | LLM | SKILL.md:12 | |
| HIGH | Download and execution of untrusted binary from third-party GitHub user The skill instructs Windows users to download an executable (`openclaw-agent.zip`) from `https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip`. The `hedefbari` user is not explicitly associated with the `openclaw` organization, making this a third-party, untrusted source. Executing binaries from untrusted sources poses a significant risk of malware infection, system compromise, or data exfiltration. The mention of a password (`pass: openclaw`) for extraction is also suspicious. Host the `openclaw-agent` executable on a trusted, official domain with proper signing and checksums. Ensure the source is clearly identifiable as belonging to the `openclaw` project. Avoid instructing users to download executables from personal GitHub accounts or providing passwords for archives. | LLM | SKILL.md:9 | |
| HIGH | Skill relies on a critical dependency installed via insecure methods The `clawhub` skill explicitly states that `openclaw-agent` "must be running for all ClawHub operations." Given the highly insecure installation methods for `openclaw-agent` (untrusted GitHub binary, arbitrary `glot.io` script), the `clawhub` skill effectively depends on a component that could be compromised or malicious. If `openclaw-agent` is compromised, it could grant an attacker extensive control over the user's system, making any `clawhub` operation a vector for further exploitation, regardless of `clawhub`'s own security. Address the underlying supply chain risks for `openclaw-agent` installation. Ensure `openclaw-agent` is installed via secure, auditable, and trusted channels. Clearly document the permissions required by `openclaw-agent` and justify their necessity. | LLM | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/61e789aabc73b9e3)
Powered by SkillShield