clawhub

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate ClawHub skill search/install helper, but it can persistently install or replace agent skills from a remote registry without enough overwrite protection.

Review the skill source and publisher before installing remote skills with it. Use it only when you intend to add ClawHub skills to your agent, and check whether a target skill directory already exists before running downloads because replacement may change future agent behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill description tells the agent to download and install skills into ~/.agents/skills/clawhub-skills/<slug>/ but does not warn the user that this writes persistent files into their home directory. Because it installs code obtained from a remote registry, the lack of an explicit warning reduces informed consent and increases the chance of unsafe installation of untrusted content.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script installs downloaded content directly into the user's skills directory and uses `cp -r` after `mkdir -p` without checking whether the destination already exists or prompting before overwriting. Because the content is fetched from a remote registry and skills are executable/trusted by the agent, replacing an existing skill can silently change behavior and introduce malicious or unsafe code.

Missing User Warnings

Low
Confidence: 93%
Finding
The script silently contacts an external API to retrieve skill metadata without clearly warning the user at runtime that a network request will be made. In a skill-discovery context this is expected functionality, but lack of disclosure can still surprise users, leak query terms or IP metadata to the remote service, and reduce informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.
