v1.0.0

Skill Installer

Benign: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:07 AM.

Analysis

The skill is a coherent instruction-only skill manager, but it can install or update persistent third-party skills that affect future agent behavior.

Guidance: Install this only if you want the agent to manage skills. Confirm the exact skill slug, review third-party skill contents before enabling or restarting, avoid `update --all` unless intended, and verify the external `clawhub` CLI and any `skill-manager` sync step before use.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Note
SKILL.md
cd ~/.openclaw/workspace && clawhub install <slug> ... clawhub update --all

These commands let the agent add or bulk update installed skills, which can change future agent behavior. The behavior is disclosed and central to the skill's purpose.

User impact: If used on the wrong slug or with `--all`, the user's agent environment could be changed in ways they did not intend.
Recommendation: Run install and update commands only for explicit user requests, verify the skill slug, and prefer reviewing individual skills before bulk updates.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
SKILL.md
npm i -g clawhub ... Treat third-party skills as untrusted — review before enabling

The skill relies on an external npm-installed CLI and public registry artifacts. The artifact discloses this and warns that third-party skills should be reviewed.

User impact: A compromised or untrusted registry skill could affect the local agent environment after installation.
Recommendation: Verify the `clawhub` CLI source, inspect third-party skill artifacts before enabling them, and avoid installing skills from unknown publishers.

Cascading Failures
Severity: Medium, Confidence: High, Status: Note
SKILL.md
configure the new skill's `meta.yaml` scope and distribute it via symlinks across Agents

The workflow can propagate an installed skill across multiple agent platforms via symlinks. This is purpose-aligned but broad in impact.

User impact: An unwanted or unsafe skill could affect more than one agent environment if distributed broadly.
Recommendation: Configure each skill's scope deliberately and review it before syncing symlinks or restarting agents.