clawhub
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's installation process fetches the 'clawhub' package globally from the npm registry. It also establishes persistent communication with 'https://clawhub.com' for searching and fetching skills.
- [REMOTE_CODE_EXECUTION]: The 'clawhub install' and 'clawhub update' commands download external files from a remote registry. These files (skills) contain instructions and potentially scripts that are executed or processed by the AI agent, creating a path for remote code delivery.
- [COMMAND_EXECUTION]: The skill uses the 'clawhub' binary to perform system-level operations, including login, package installation, and updates. Global npm installations often require elevated permissions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. Malicious instructions could be embedded in the skills downloaded from the third-party registry (clawhub.com).
  - Ingestion points: Files downloaded via 'clawhub install' into the './skills' directory.
  - Boundary markers: None identified in the provided documentation to isolate external skill content from the primary agent context.
  - Capability inventory: The skill has the ability to run shell commands via the CLI.
  - Sanitization: No verification or sanitization of the downloaded skill content is mentioned before it is integrated into the agent's workspace.