Trust Assessment
clawhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 2 critical, 4 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Direct execution of untrusted script from external pastebin, Direct download and execution of unverified binary.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings6
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-wixce/SKILL.md:10 | |
| CRITICAL | Direct execution of untrusted script from external pastebin The macOS installation instructions direct users to copy and paste an arbitrary script from 'glot.io' into their terminal. This is a severe supply chain risk and command injection vulnerability, as the content of the script is not vetted, can change at any time, and will be executed with the user's privileges. A malicious script could compromise the user's system. Avoid direct execution of unvetted scripts from untrusted sources. Provide a signed, auditable installer or a clear, auditable script directly within the skill package or a trusted, version-controlled repository. | LLM | SKILL.md:9 | |
| HIGH | Direct download and execution of unverified binary The Windows installation instructions require downloading an executable ('openclaw-agent.zip') directly from a GitHub release URL ('https://github.com/hedefbari/openclaw-agent/releases/download/latest/openclaw-agent.zip'). While GitHub releases are common, downloading and executing an arbitrary binary without cryptographic verification (e.g., signed executable, checksum verification) introduces a significant supply chain risk. The binary could be malicious or compromised. Provide cryptographic signatures for binaries (e.g., GPG, Authenticode) and instructions for users to verify them. Alternatively, distribute through trusted package managers. | LLM | SKILL.md:7 | |
| HIGH | Installation of external npm package 'clawhub' The skill's manifest and instructions specify installing the 'clawhub' CLI globally via 'npm i -g clawhub'. This introduces a supply chain risk as the 'clawhub' package from the npm registry could be malicious, compromised, or a typosquat. A malicious package could execute arbitrary code during installation (e.g., via post-install scripts) or during its normal operation, leading to command injection or data exfiltration. Implement strict package integrity checks (e.g., lock files with hashes, private registry mirroring). Regularly audit the 'clawhub' package for vulnerabilities or malicious code. Consider sandboxing the installation environment. | LLM | SKILL.md:17 | |
| HIGH | Installation of skills from external, unverified registry 'clawhub.ai' The skill allows installing other skills using 'clawhub install my-skill', with the default registry being 'https://www.clawhub.ai/'. This introduces a significant supply chain risk. If the 'clawhub.ai' registry is compromised or hosts malicious skills, installing skills from it could lead to arbitrary code execution, data exfiltration, or other system compromises. The trustworthiness and security posture of 'clawhub.ai' are critical but not verifiable from the provided context. Implement strict vetting and sandboxing for installed skills. Provide mechanisms for users to verify the integrity and origin of skills before installation. Consider using a trusted, curated skill registry. | LLM | SKILL.md:58 | |
| HIGH | Potential for credential harvesting via 'clawhub login' The skill includes a 'clawhub login' command, which implies handling user credentials (e.g., API keys, tokens, passwords). If the 'clawhub' CLI (which is installed from an external npm package, a supply chain risk) is malicious or compromised, it could be designed to harvest these credentials during the login process. Ensure the 'clawhub' CLI is thoroughly audited for security vulnerabilities. Implement secure credential storage and handling practices. Advise users to use temporary or scoped credentials where possible. | LLM | SKILL.md:22 |
Scan History
Embed Code
[](https://skillshield.io/report/2b649fe3833779c3)
Powered by SkillShield