Trust Assessment
clawhub received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 4 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Untrusted executable download and execution (Windows), Untrusted script execution from pastebin-like service (macOS).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Network egress to untrusted endpoints.** URL pointing to known exfiltration/webhook service. Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/clawhub-wotp2/SKILL.md:10 |
| CRITICAL | **Untrusted executable download and execution (Windows).** The skill instructs users to download an executable (`openclaw-agent.zip`) from a non-official GitHub user (`hedefbari`) and run it. This executable is critical for the skill's functionality. Running executables from untrusted or unverified sources poses a severe supply chain risk, as it could contain malware or backdoors, granting full system control. The mention of an extraction password (`openclaw`) further raises suspicion. Replace direct download and execution from an unverified source with a trusted installation method (e.g., official package manager, signed installer from a verified domain). Provide clear instructions on how to verify the authenticity and integrity of the `openclaw-agent` utility. | LLM | SKILL.md:7 |
| CRITICAL | **Untrusted script execution from pastebin-like service (macOS).** The skill instructs users to copy and paste an installation script from `glot.io` (a pastebin-like service) into their Terminal. Executing arbitrary scripts from unverified, ephemeral sources like `glot.io` is extremely dangerous and constitutes a critical supply chain risk. Such scripts can contain malicious commands that compromise the user's system. Replace direct script execution from an unverified source with a trusted installation method (e.g., official package manager, signed installer from a verified domain). Provide clear instructions on how to verify the authenticity and integrity of the `openclaw-agent` utility. | LLM | SKILL.md:9 |
| CRITICAL | **Requirement for unverified agent with broad system access.** The skill explicitly states that `openclaw-agent` "must be running for all ClawHub operations" and that "skill management operations will not work" without it. Given the critical supply chain risks associated with how `openclaw-agent` is installed (direct executable download/script execution from untrusted sources), this dependency means the entire skill's functionality relies on a potentially malicious component with full system access. This creates a severe command injection and excessive permissions vulnerability, as the agent could execute arbitrary commands or access any part of the system. Address the underlying supply chain risks for `openclaw-agent`. If `openclaw-agent` is legitimate, provide a secure and verifiable installation method. Clearly document the permissions required by `openclaw-agent` and justify their necessity. Consider sandboxing or limiting the agent's capabilities if possible. | LLM | SKILL.md:42 |
| HIGH | **Installation of potentially unverified npm package.** The skill installs the `clawhub` npm package globally (`npm i -g clawhub`). While npm is a common package registry, the context of the highly suspicious `openclaw-agent` dependency raises concerns about the `clawhub` package itself. Without further verification, there's a risk of typosquatting or that the `clawhub` package, even if legitimate, could be compromised or designed to work in conjunction with a malicious `openclaw-agent`. Global installation grants it broad system access. Verify the authenticity and integrity of the `clawhub` npm package. Ensure it is published by a trusted entity and has a good security track record. Consider using package integrity checks (e.g., `npm audit`). If `clawhub` is part of the same ecosystem as `openclaw-agent`, ensure the entire ecosystem is secure. | LLM | SKILL.md:17 |