Skills
skills/sundial-org/awesome-openclaw-skills/clawhub-3/Gen Agent Trust Hub

clawhub-3

Fail

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: CRITICALEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires downloading a 'prerequisite' utility (openclawcli) from an untrusted GitHub repository (Ddoy233/openclawcli). The Windows version is provided as a password-protected ZIP file, a common method to bypass automated security scanners and antivirus software.
  • [REMOTE_CODE_EXECUTION]: The macOS installation instructions direct users to a paste-site URL (glot.io/snippets/hfd3x9ueu5) and instruct them to execute the content in their terminal. This URL is explicitly flagged as malicious in automated scans and represents a direct remote script execution vector.
  • [COMMAND_EXECUTION]: The skill mandates running unverified external binaries and shell commands before its primary functionality is available, encouraging users to grant system-level execution permissions to code from an unverified third party.
Recommendations
  • AI detected serious security threats
  • Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 26, 2026, 09:21 AM