clawhub
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill does match its ClawHub installer purpose, but it installs persistent skill packages from the internet and uses the requested slug directly as a local install path.
Treat this as a high-impact installer. Use it only for skills and authors you trust, avoid unusual slugs or links, inspect the downloaded skill files before restarting your agent, and prefer an updated version that validates install paths and verifies package integrity.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or malicious slug/link could cause files to be installed outside the intended ClawHub skills folder if the download endpoint returns a package.
The user-provided slug or parsed URL component is used directly in a filesystem destination without validation or canonical path containment.
slug="$input" ... skill_dir="$SKILLS_DIR/$slug" ... mkdir -p "$skill_dir" ... cp -r "$TEMP_DIR/extracted/"* "$skill_dir/"
Validate slugs against a strict safe pattern, reject slashes and '..' segments, canonicalize the final path, and confirm it stays under the intended install directory before copying files.
A compromised, malicious, or mistaken registry package could be placed where the agent may load it in later sessions, changing future agent behavior.
The installer directly downloads, extracts, and persists remote skill package contents; the provided artifacts do not show integrity verification or a pre-install review gate.
http_code=$(curl -s -w "%{http_code}" -o "$TEMP_DIR/skill.zip" "$download_url") ... unzip -o "$TEMP_DIR/skill.zip" -d "$TEMP_DIR/extracted" ... cp -r "$TEMP_DIR/extracted/"* "$skill_dir/"Only install skills from trusted authors, review downloaded files before restarting the agent, and prefer package signatures/checksums plus an explicit user confirmation step.