clawhub

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the 'clawhub' package from npm and fetches skill content from the external registry at https://clawhub.com. These are identified as vendor-owned resources for the author 'firecrawl'.
  • [COMMAND_EXECUTION]: Executes shell commands to install, update, and manage skills, which involves system-level operations and the execution of downloaded code.
  • [DATA_EXFILTRATION]: Provides a 'publish' command that uploads local directory contents to the remote clawhub.com registry, creating a path for potentially sensitive local data to leave the environment.
  • [PROMPT_INJECTION]: The skill's functionality to ingest and install third-party code creates a surface for indirect prompt injection.
    • Ingestion points: External skill data is downloaded via 'clawhub install' and 'clawhub update'.
    • Boundary markers: No delimiters or safety warnings are present in the command instructions.
    • Capability inventory: The skill utilizes shell execution for npm and clawhub CLI tools.
    • Sanitization: No validation or sandboxing of the content fetched from the remote registry is described.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 18, 2026, 12:42 PM