skills/elizaos/eliza/clawhub/Gen Agent Trust Hub

clawhub

Warn

Audited by Gen Agent Trust Hub on Feb 18, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | REMOTE_CODE_EXECUTION | COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill metadata specifies the installation of the clawhub package via npm and interacts with https://clawhub.com to fetch resources.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): The primary function of this skill is to use clawhub install and clawhub update to download and execute code from a third-party registry. This introduces a significant risk because the downloaded skills are not audited and can execute arbitrary logic in the agent's environment.
  • [COMMAND_EXECUTION] (LOW): The skill executes multiple shell commands to interact with the clawhub CLI for searching, listing, and updating skills.
  • [DATA_EXFILTRATION] (LOW): The publish command transmits local folders to a remote server. This functionality could be used to accidentally exfiltrate sensitive files if the target directory is not carefully managed by the user.
  • [INDIRECT_PROMPT_INJECTION] (LOW): Mandatory Evidence Chain: 1. Ingestion points: clawhub install (SKILL.md). 2. Boundary markers: Absent. 3. Capability inventory: Installation of new executable skills. 4. Sanitization: Absent. This creates a surface where a malicious skill hosted on the registry could inject instructions into the agent's context.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 18, 2026, 06:11 PM