clawhub
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses `npx --yes clawhub@latest` to download and execute a command-line tool from the npm registry at runtime, which constitutes remote code execution from a non-whitelisted third-party source.
- [EXTERNAL_DOWNLOADS]: The primary function of the skill is to fetch external agent skills from the ClawHub registry and place them into the agent's local filesystem at `~/.nanobot/workspace/skills/`.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands with user-influenced arguments (e.g., search queries and skill slugs), which could lead to command injection if the arguments are not properly handled by the underlying tool.
- [INDIRECT_PROMPT_INJECTION]: By acting as a downloader for third-party code, this skill creates a trust chain vulnerability where search results or the content of installed skills could contain malicious instructions designed to compromise the agent during subsequent sessions.
Audit Metadata