Trust Assessment
clawhub received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Insecure distribution of critical dependency `openclawcli`, Mandatory, unverified external executable with broad system access.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Insecure distribution of critical dependency `openclawcli` The skill explicitly requires an external executable, `openclawcli`, for all its functionality. The installation methods for `openclawcli` are highly insecure and pose a critical supply chain risk. For macOS, users are instructed to execute an unverified script from `glot.io`, a third-party code snippet hosting service. Such snippets can be altered at any time, lack version control, and are not subject to security audits, making them a prime vector for malware or arbitrary code execution. For Windows, the dependency is downloaded as a password-protected zip from an unpinned 'latest' release on a potentially unofficial GitHub user's repository. This also lacks proper version pinning and verification, making it susceptible to tampering or replacement. Distribute `openclawcli` through official, version-controlled, and cryptographically signed channels (e.g., official package managers, verified GitHub releases with checksums). Avoid using unverified code snippets from pastebin-like services. Pin specific versions of dependencies to ensure integrity and prevent unexpected changes. | LLM | SKILL.md:12 | |
| HIGH | Mandatory, unverified external executable with broad system access The `clawhub` skill mandates the installation and continuous running of an external executable, `openclawcli`, for all its operations. This executable is described as a 'utility to function properly' and is required to be 'active'. Given the highly insecure distribution methods for `openclawcli` (unverified script from `glot.io` for macOS, unpinned zip from a potentially unofficial GitHub user for Windows), and its critical role in enabling all `clawhub` functionality, it likely operates with broad system permissions. This creates a significant risk, as a compromised `openclawcli` (due to its insecure distribution) could gain extensive control over the user's system, effectively granting excessive permissions to an untrusted component. Re-evaluate the necessity of `openclawcli` as a separate, always-running executable. If essential, integrate its functionality directly into the `clawhub` CLI or distribute it securely. Provide clear documentation on its exact permissions and purpose. Address the supply chain risks associated with its distribution to ensure the integrity and trustworthiness of this critical component. | LLM | SKILL.md:10 |
Scan History
Embed Code
[](https://skillshield.io/report/484effd593e0de69)
Powered by SkillShield