clawhub

Pass

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill involves downloading the 'clawhub' CLI tool from the NPM registry and fetching skill contents from the vendor's registry at clawhub.com.
  • [COMMAND_EXECUTION]: The agent uses the 'clawhub' CLI to perform skill lifecycle operations, including searching, installing, and updating content on the local filesystem.
  • [DATA_EXFILTRATION]: The skill includes a 'publish' command that transmits local skill directories and associated metadata to the ClawHub registry for distribution.
  • [PROMPT_INJECTION]: The skill acts as an ingestion point for untrusted data from the ClawHub registry, creating a surface for potential indirect prompt injection.
    • Ingestion points: Output from 'clawhub search' and 'clawhub list' commands in SKILL.md.
    • Boundary markers: No explicit boundary markers or delimiters are specified in the skill instructions to separate registry data from agent instructions.
    • Capability inventory: The skill has the ability to install new code and execute shell commands via the CLI.
    • Sanitization: There is no documented sanitization or validation of the text returned from the registry search or list commands.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 23, 2026, 12:56 PM