Trust Assessment
clawhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 1 high, 1 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Dependency on external npm package 'clawhub', Instructions to download and execute unverified binaries/scripts from external sources.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-tlxx5/SKILL.md:10 | |
| CRITICAL | Instructions to download and execute unverified binaries/scripts from external sources The skill instructs users to download 'openclaw-agent' from a GitHub release page (https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip) and to copy/paste an installation script from 'glot.io' (https://glot.io/snippets/hfdxv8uyaf). Downloading and executing content from unverified external sources, especially scripts, poses a severe supply chain risk, potentially leading to arbitrary code execution or system compromise. The `glot.io` snippet is particularly dangerous as it's a direct script execution without prior review. Avoid instructing users to download and execute binaries or scripts from unverified external URLs. If external dependencies are necessary, provide cryptographic hashes (e.g., SHA256) for verification, or integrate them through trusted package managers with integrity checks. For scripts, embed them directly in the skill package if possible, or provide clear instructions for manual review and execution. | LLM | SKILL.md:9 | |
| HIGH | Dependency on external npm package 'clawhub' The skill's manifest specifies installation of the 'clawhub' package from npm. If this package is compromised or malicious, it could lead to arbitrary code execution on the user's system during installation or execution. This introduces a supply chain risk as the integrity of the external package cannot be guaranteed by the skill itself. Verify the authenticity and integrity of the `clawhub` npm package. Consider pinning to a specific, known-good version and using package integrity checks (e.g., `npm audit`, `npm shasum`). Implement a robust supply chain security strategy for all external dependencies. | LLM | SKILL.md | |
| MEDIUM | Global npm package installation requiring elevated privileges The skill instructs users to install the `clawhub` npm package globally (`npm i -g clawhub`). Global installations often require elevated privileges (e.g., `sudo`), granting the installed package and its scripts broad permissions across the system. This increases the attack surface if the package is malicious or compromised, as it would run with higher privileges. If possible, recommend local installation (`npm i clawhub`) or installation into a user-specific directory to limit the scope of permissions. Clearly document the implications of global installation and any required elevated privileges, and advise users to exercise caution. | LLM | SKILL.md:20 |
Scan History
Embed Code
[](https://skillshield.io/report/7a2c5cfc9e3b674f)
Powered by SkillShield