Trust Assessment
clawhub received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unverified executable from untrusted source (macOS), Unpinned, unverified executable download (Windows), Unpinned global npm package installation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 48/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Unverified executable from untrusted source (macOS) The skill instructs users to execute an installation command from a glot.io snippet. Glot.io is a public code-sharing platform where content can be easily modified by the snippet owner. Executing arbitrary commands from such an unverified and unversioned source poses a critical supply chain risk, as the code could be malicious, perform unauthorized actions, or exfiltrate data. Replace the glot.io link with a link to a securely hosted, versioned, and verified installation script or package from a trusted domain controlled by the skill's developers. Ensure the script's integrity can be verified (e.g., via checksums). | LLM | SKILL.md:14 | |
| HIGH | Unpinned, unverified executable download (Windows) The skill instructs users to download and run an executable from an unpinned 'latest' release URL on a personal GitHub account (Ddoy233) that is not the official 'openclaw' or 'clawhub' organization. This introduces a significant supply chain risk, as the binary's authenticity cannot be easily verified, and its content could change without notice. The use of a password for extraction is also suspicious. Host the `openclawcli` executable on an official, trusted domain with clear versioning and integrity checks (e.g., SHA256 hashes). Avoid using personal GitHub accounts for distributing critical binaries. Remove the password protection unless there's a strong, documented security reason. | LLM | SKILL.md:12 | |
| MEDIUM | Unpinned global npm package installation The skill instructs users to install the 'clawhub' npm package globally without specifying a version. Installing packages without pinning a specific version (`npm i -g clawhub` instead of `npm i -g clawhub@1.2.3`) introduces a supply chain risk. If the 'clawhub' package on npm is compromised in the future, users following this instruction would unknowingly install the malicious version. Always recommend installing npm packages with a specific, pinned version (e.g., `npm i -g clawhub@1.0.0`) to ensure reproducibility and mitigate risks from future package compromises. Provide instructions for updating to newer versions explicitly. | LLM | SKILL.md:23 |
Scan History
Embed Code
[](https://skillshield.io/report/705e6cc42f89049a)
Powered by SkillShield