clawhub
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the global installation of the 'clawdhub' package from the NPM registry.
- [REMOTE_CODE_EXECUTION]: The 'clawdhub install' and 'clawdhub update' commands download external skills from 'https://clawdhub.com'. These skills may contain instructions or scripts that are dynamically loaded into the agent's environment.
- [COMMAND_EXECUTION]: The skill utilizes a CLI for tasks such as searching, installing, and publishing skills, which involves executing commands within the system's shell environment.
- [DATA_EXFILTRATION]: The 'clawdhub publish' command transmits local skill directories to the 'clawdhub.com' registry. This could potentially expose local data if an incorrect directory is targeted for publication.
- [PROMPT_INJECTION]: The ability to download and execute instructions from a remote registry creates a vulnerability surface for indirect prompt injection.
  - Ingestion points: External skills are retrieved via 'clawdhub install' from the registry at 'https://clawdhub.com'.
  - Boundary markers: Absent; the skill does not specify markers to distinguish between trusted system instructions and downloaded content.
  - Capability inventory: The agent can execute commands and manage files using the 'clawdhub' CLI tool.
  - Sanitization: Absent; no validation or filtering is performed on the content fetched from the external registry.
Audit Metadata