clawhub
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill performs a global installation of the clawhub package via npm and interacts with the external domain clawhub.com.
- [REMOTE_CODE_EXECUTION]: Commands such as clawhub install and clawhub update download and install additional skill code from a third-party registry, enabling the execution of external scripts.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands for package management and authentication, including npm install, clawhub login, and clawhub publish.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). Ingestion points: clawhub search and clawhub list commands (SKILL.md). Boundary markers: None present. Capability inventory: npm install, clawhub install, and clawhub update (SKILL.md). Sanitization: None detected. Untrusted metadata from the registry could influence agent behavior.
Audit Metadata