skills/malue-ai/dazee-small/clawdhub/Gen Agent Trust Hub

clawdhub

Fail

Audited by Gen Agent Trust Hub on Mar 28, 2026

Risk Level: HIGH
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads the 'clawdhub' CLI package from the npm registry and subsequently fetches executable skill content from the external domain 'clawdhub.com'.
  • [REMOTE_CODE_EXECUTION]: The 'clawdhub install' and 'clawdhub update' commands download and deploy external skill files into the local environment, where they can be subsequently executed by the agent, creating a vector for untrusted code execution.
  • [COMMAND_EXECUTION]: The skill utilizes shell commands including 'npm' and the custom 'clawdhub' binary to perform global system modifications and manage local files.
  • [DATA_EXFILTRATION]: The 'clawdhub publish' command is designed to upload local skill folders and their contents to the 'clawdhub.com' registry, which can be used to transmit sensitive information if not carefully monitored.
  • [REMOTE_CODE_EXECUTION]: Ingestion point for indirect prompt injection via the 'clawdhub.com' registry. The skill lacks explicit boundary markers or sanitization logic when processing content downloaded from the remote registry, which may allow malicious instructions embedded in skills to influence the agent's behavior (Category 8 surface detection).
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 28, 2026, 02:07 AM