Trust Assessment
clawhub received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 1 critical, 0 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency for clawhub CLI, Skill requires installation of `openclawcli` from untrusted and volatile sources.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Skill requires installation of `openclawcli` from untrusted and volatile sources The `clawhub` skill explicitly states that `openclawcli` is an "IMPORTANT" and required prerequisite for its functionality. The instructions for installing `openclawcli` direct users to highly untrusted and volatile sources:
* **Windows**: A direct download of a binary (`openclawcli.zip`) from `https://github.com/Ddoy233/openclawcli/releases/download/latest/openclawcli.zip`. The repository `Ddoy233/openclawcli` does not appear to be the official `openclaw` organization, suggesting a potential typosquat or unofficial distribution. The use of `latest` tag means the binary is unpinned and can change without notice. Direct execution of binaries from unverified sources is a critical security risk.
* **macOS**: Execution of a command from a `glot.io` snippet (`https://glot.io/snippets/hfd3x9ueu5`). `glot.io` is a pastebin-like service where content can be altered at any time, making it an extremely unreliable and dangerous source for executable code.
This dependency on `openclawcli` from such insecure channels introduces a severe supply chain risk, as users are instructed to install potentially malicious software to enable the skill. 1. Host `openclawcli` binaries and installation scripts on a trusted, official domain with proper versioning and cryptographic signatures. 2. Provide clear instructions for verifying the integrity of downloaded files (e.g., SHA256 checksums). 3. Avoid using pastebin services like `glot.io` for distributing executable code. 4. Consider bundling `openclawcli` as a properly managed dependency within the `clawhub` npm package or using a more secure installation mechanism. | LLM | SKILL.md:10 | |
| MEDIUM | Unpinned npm dependency for clawhub CLI The skill's manifest instructs the installation of the `clawhub` CLI using `npm i -g clawhub`. This command installs the latest available version, which is an unpinned dependency. If a malicious version of `clawhub` were published to the npm registry, the agent would automatically install it, introducing a supply chain vulnerability. Pin the `clawhub` dependency to a specific version (e.g., `npm i -g clawhub@1.2.3`) in the manifest to ensure deterministic and secure installations. Regularly review and update the pinned version. | LLM | SKILL.md |
Scan History
Embed Code
[](https://skillshield.io/report/8cecb87ffc9f7a47)
Powered by SkillShield