Trust Assessment
clawhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Arbitrary script execution from untrusted source (glot.io), Unverified executable download from mutable 'latest' GitHub release.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-sxtsn/SKILL.md:10 | |
| CRITICAL | Arbitrary script execution from untrusted source (glot.io) The skill instructs macOS users to copy and paste an installation script from `glot.io` directly into their terminal. This allows for the execution of arbitrary, unverified code from an external snippet hosting service, posing a severe command injection and supply chain risk. The content of the script can change at any time without notice, leading to potential remote code execution. Avoid instructing users to execute arbitrary scripts from untrusted or unversioned sources. Provide a verifiable, versioned installation method (e.g., a signed package, a script hosted in the repository itself with a specific commit hash, or a well-known package manager). | LLM | SKILL.md:13 | |
| HIGH | Unverified executable download from mutable 'latest' GitHub release The skill instructs Windows users to download an executable (`openclaw-agent.zip`) from a GitHub `latest` release tag. The `latest` tag is mutable and can be updated with malicious code at any time. The source (`hedefbari` user) is not explicitly verified, posing a significant supply chain risk as the downloaded binary could be compromised. Pin the download to a specific, immutable release tag or commit hash. Provide checksums (e.g., SHA256) for verification. Consider distributing through a trusted package manager or official channels. | LLM | SKILL.md:10 | |
| MEDIUM | Unpinned npm package dependency The skill instructs users to install the `clawhub` npm package globally (`npm i -g clawhub`). Neither the manifest nor the skill body specifies a version, meaning the `latest` version will be installed. This introduces a supply chain risk as a malicious update to the `clawhub` package could be automatically installed without explicit user consent or review. Always pin dependencies to a specific version (e.g., `npm i -g clawhub@1.2.3`) to ensure reproducibility and prevent unexpected malicious updates. Regularly audit and update pinned versions. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/59ca162d44ad4143)
Powered by SkillShield