clawdhub

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill fetches and installs agent skills from the public ClawdHub registry (https://clawdhub.com) using commands like "clawdhub install" and "clawdhub update", exposing the agent to arbitrary third-party/user-provided skill code and metadata that could carry indirect prompt-injection content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The ClawdHub CLI uses the default registry https://clawdhub.com at runtime to fetch and install "skills" (remote packages that can contain agent prompts or executable code), so remote content from that URL can directly control agent behavior or execute code.