clawdhub
Warn
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs a global installation of the 'clawdhub' package via the npm registry, a well-known package service.
- [COMMAND_EXECUTION]: The skill uses the 'npm' and 'clawdhub' command-line tools to manage system packages and skill installations, which involves executing code that modifies the local environment.
- [REMOTE_CODE_EXECUTION]: The tool downloads agent skills from 'clawdhub.com' through the 'clawdhub install' and 'clawdhub update' commands. These skills contain logic and instructions that are executed by the agent, facilitating remote code execution from an external registry.
- [DATA_EXFILTRATION]: The 'clawdhub publish' command allows the agent to upload local directories to the 'clawdhub.com' registry. This capability can be used to exfiltrate data from the agent's workspace to an external server.
- [PROMPT_INJECTION]: By downloading skills from an external source, the agent is exposed to indirect prompt injection. Malicious instructions could be embedded in the fetched skills to manipulate agent behavior.
  - Ingestion points: Remote skills fetched from 'clawdhub.com'.
  - Boundary markers: No delimiters or isolation protocols are specified for the downloaded instructions.
  - Capability inventory: Shell execution, directory modification, and network communication.
  - Sanitization: The skill does not implement validation or sanitization for the content of the downloaded skills.