Skills
skills/gen-verse/openclaw-rl/clawhub/Gen Agent Trust Hub

clawhub

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the clawhub CLI utility from the npm registry and downloads additional skill content from the vendor's registry at https://clawhub.com.\n- [COMMAND_EXECUTION]: Executes system commands for the npm and clawhub tools to manage skill lifecycles, including installation, updates, and publication.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing data from an external registry.\n
  • Ingestion points: Skill metadata, names, and descriptions are retrieved from clawhub.com via the search and install commands.\n
  • Boundary markers: No delimiters or explicit instructions are used to distinguish remote registry content from system prompts.\n
  • Capability inventory: The skill can execute shell commands (npm, clawhub) and perform file system writes to the local skills directory.\n
  • Sanitization: No sanitization or validation of the fetched registry content is described or performed before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 02:37 AM