Security audit
Brave
Security checks across malware telemetry and agentic risk
Overview
The package is a coherent ClawHub CLI release whose local file, network, token, publishing, and moderation capabilities match its stated purpose.
Install only if you want a CLI that can manage ClawHub skills and OpenClaw packages. Treat the stored ClawHub token like a credential, review package or skill contents before publishing or installing, and be careful with delete, transfer, trusted-publisher, and runtime validation flags because those actions can affect registry state or execute plugin code when explicitly requested.
VirusTotal
61/61 vendors flagged this plugin as clean.
Static analysis
No suspicious patterns detected.
