clawdhub

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill requires the installation of the clawdhub package from npm (npm i -g clawdhub). This package and its registry (clawdhub.com) are not on the list of trusted sources, posing a risk of malicious code execution during or after installation.
  • REMOTE_CODE_EXECUTION (HIGH): The core functionality revolves around clawdhub install and clawdhub update, which download and potentially execute code from a remote registry. This creates a supply-chain risk where the agent could ingest and run malicious instructions or scripts.
  • DATA_EXFILTRATION (MEDIUM): The clawdhub publish command allows the agent to upload local folders to a remote server. An attacker using prompt injection could trick the agent into publishing sensitive directories containing credentials or private data.
  • PROMPT_INJECTION (HIGH): As a package manager for skills, this tool has a high attack surface for Indirect Prompt Injection (Category 8). Ingestion point: clawdhub install; Boundary markers: absent; Capability inventory: shell execution and package installation; Sanitization: absent. The tool lacks mechanisms to isolate or sanitize the content of downloaded skills.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 02:01 AM