clawdhub

The ClawdHub CLI skill is coherent with its stated purpose: it installs a legitimate CLI tool from npm, uses it to interact with a remote skill registry, and supports local skill management workflows (search/install/update/publish). Credentials are limited to the expected publish workflow, and data flows are consistent with a developer tooling scenario. No indicators of improper data exfiltration, stealth behavior, or malicious third-party payloads are evident from the provided content. The primary security concerns are typical for CLI-based developer tooling: dependency trust, proper handling of credentials, and explicit user consent for publish actions. Overall, the risk profile is low to moderate (securityRisk ~0.25) with no demonstrated malware. Recommend standard usage with attention to credential handling and network access controls.