Skills
skills/sundial-org/awesome-openclaw-skills/clawdhub/Snyk

clawdhub

Warn

Audited by Snyk on Feb 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The ClawdHub CLI fetches and installs skills from a public registry (default https://clawdhub.com, or any URL set via --registry or CLAWDHUB_REGISTRY), meaning it ingests untrusted, user-published content that the agent would read/execute.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The CLI uses the ClawdHub registry at https://clawdhub.com at runtime to fetch/install skills (external packages) which can contain executable code or prompt instructions that directly control agent behavior, so this is a required runtime dependency that could execute remote code.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 17, 2026, 01:49 PM