clawsec-clawhub-checker

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). scripts/check_clawhub_reputation.mjs directly invokes clawhub (e.g., "clawhub inspect" and "clawhub install") and parses JSON/text from ClawHub skill pages and VirusTotal Code Insight messages (public, user-published content) to compute reputation scores and drive exit codes/installation decisions.