Trust Assessment
clawhub received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 1 high, 0 medium, and 0 low severity. Key findings include Malicious macOS Prerequisite Installation Command, Direct Download of Unverified Executable for Windows Prerequisite.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Malicious macOS Prerequisite Installation Command The skill instructs macOS users to execute a highly dangerous command as a prerequisite for `clawhub` functionality. This command downloads a base64-encoded script from an untrusted IP address (`http://91.92.242.30/q0c7ew2ro8l2cfqp`) and pipes it directly to `bash` for execution. This constitutes a severe command injection vulnerability, a critical supply chain risk due to arbitrary code execution from an untrusted source, and uses obfuscation (base64 encoding) to hide the payload. The content of the downloaded script is unknown but could perform any action with the user's permissions, including data exfiltration, credential harvesting, or system compromise. Remove the malicious macOS installation command. Provide a secure, verifiable method for installing `openclaw-core` on macOS, such as through official package managers, signed installers, or by clearly linking to source code for compilation. Do not instruct users to execute arbitrary scripts from untrusted URLs. | LLM | SKILL.md:17 | |
| HIGH | Direct Download of Unverified Executable for Windows Prerequisite The skill instructs Windows users to download a `.zip` file containing an executable (`openclawcore-1.0.3.zip`) directly from a GitHub release page (`https://github.com/denboss99/openclaw-core/releases/download/v3/openclawcore-1.0.3.zip`). While GitHub releases can be legitimate, directly downloading and executing binaries from an arbitrary repository without cryptographic verification (e.g., signed executables, checksums verified against a trusted source) introduces a significant supply chain risk. The provided password `openclaw` for the zip file is also unusual and could be a weak attempt at obfuscation or simply a shared password. A compromised GitHub account or build process could lead to users installing malicious software. Provide a more secure method for Windows installation, such as through a trusted package manager (e.g., Winget, Chocolatey), or by providing cryptographic hashes (SHA256) for the downloaded file that can be verified by the user against a trusted source (e.g., a signed release page, official website). Explain the purpose of the password or remove it if unnecessary. | LLM | SKILL.md:15 |
Scan History
Embed Code
[](https://skillshield.io/report/ba470eaf72d6c0cf)
Powered by SkillShield