clawhub
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (HIGH): The skill uses 'npx --yes clawhub@latest' to download and run code from the npm registry. Since the package is not from a trusted organization and the version is not pinned, the code source is unverifiable and subject to change at any time.
- [REMOTE_CODE_EXECUTION] (HIGH): Executing 'npx' with unpinned, untrusted packages allows for arbitrary code execution on the user's machine, effectively granting the package author control over the agent's execution environment.
- [COMMAND_EXECUTION] (MEDIUM): The skill performs shell-based installations and updates that modify the local filesystem at '~/.nanobot/workspace', introducing a mechanism for persistent code execution across agent sessions.
- [INDIRECT_PROMPT_INJECTION] (LOW): 1. Ingestion points: Data is retrieved from an external registry via the 'search' command. 2. Boundary markers: No delimiters are used to isolate registry-provided text from agent instructions. 3. Capability inventory: The skill has the ability to execute shell commands and write to sensitive directories. 4. Sanitization: No input validation is mentioned for search results or skill slugs before they are passed to execution strings.
Recommendations
- AI detected serious security threats
Audit Metadata