clawdhub
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'clawdhub' package via npm and interacts with the 'clawdhub.com' registry to fetch skill updates and new installations.- [REMOTE_CODE_EXECUTION]: The 'install' and 'update' commands download external logic and configuration files from a remote registry into the local environment for execution by the agent.- [COMMAND_EXECUTION]: Uses system-level commands to manage the lifecycle of agent skills, including global package installation and directory-level publishing operations.- [DATA_EXFILTRATION]: Provides a 'publish' command that transmits local folder contents and metadata to the external 'clawdhub.com' registry.- [PROMPT_INJECTION]: The skill acts as a gateway for third-party content, creating a surface for indirect prompt injection where instructions within installed skills could influence agent behavior.
- Ingestion points: External skill packages retrieved from clawdhub.com via the 'install' command.
- Boundary markers: No specific delimiters or safety instructions are defined in the CLI to isolate external skill content.
- Capability inventory: Includes the ability to write to the filesystem, execute shell commands, and perform network requests.
- Sanitization: There is no evidence of validation or content filtering for the skills retrieved from the remote registry.
Audit Metadata