Trust Assessment
clawhub received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Arbitrary Code Execution from Untrusted Pastebin, Executable Download from Unverified GitHub Release, Unpinned `npm` Dependency.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Arbitrary Code Execution from Untrusted Pastebin.** The skill instructs users to execute an installation command directly from `glot.io`, a pastebin-like service. Content from such services is untrusted, can be modified at any time, and can contain malicious commands, leading to arbitrary code execution on the user's system. This poses an extreme supply chain risk. Recommendation: distribute `openclawcli` through trusted package managers (e.g., Homebrew, official signed installers) or provide a verifiable installation script with checksums. Do not instruct users to execute code directly from pastebin services. | LLM | SKILL.md:11 |
| HIGH | **Executable Download from Unverified GitHub Release.** The skill instructs users to download and run an executable (`openclawcli.zip`) from a specific GitHub user's repository releases. This source is not an official, verified software distribution channel, and the executable could be malicious, leading to system compromise. The use of a password for the zip is also suspicious, potentially indicating an attempt to bypass security scans or obscure content. Recommendation: distribute `openclawcli` through trusted package managers or official signed installers. Provide checksums and verification instructions if direct downloads are necessary. Avoid password-protecting executables, as this hinders security analysis. | LLM | SKILL.md:9 |
| MEDIUM | **Unpinned `npm` Dependency.** The installation instruction `npm i -g clawhub` does not specify a version, so it installs whatever version is currently tagged `latest`. This can lead to unexpected breaking changes or, in the worst case, introduce malicious code if the package maintainer's account or the npm registry is compromised and a malicious update is published. Recommendation: pin the dependency to a specific major or minor version (e.g., `npm i -g clawhub@^1.0.0` or `npm i -g clawhub@1.2.3`) to ensure consistent and predictable installations. | LLM | SKILL.md:22 |
Full report: [https://skillshield.io/report/ef04e9307fb17810](https://skillshield.io/report/ef04e9307fb17810)