Clawdhub 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ClawdHub CLI helper for managing skills, with real but expected risks around installing, updating, and publishing skills.

Install only if you want an agent to manage ClawdHub skills. Approve install, update, update-all, force, no-input, login, and publish actions deliberately; avoid bulk forced updates unless you intend to update all skills, and review any folder before publishing it to the registry.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 87%
Finding
The documentation explicitly includes broad update commands such as `clawdhub update --all --no-input --force` without warning that they can non-interactively modify many installed skills at once. In an agent context, this increases the chance of silent supply-chain changes, unexpected behavior shifts, or mass installation of malicious updates if the registry or dependency source is compromised.

Missing User Warnings

Medium
Confidence: 82%
Finding
The publish instructions show `clawdhub login` and `clawdhub publish ./my-skill ...` but do not warn that publishing sends local skill contents and metadata to a remote registry. In practice, a user may unintentionally upload sensitive files, embedded secrets, internal prompts, or proprietary code if the skill directory is not carefully reviewed.

VirusTotal

64/64 vendors flagged this skill as clean.
