Clawhub

Pass

Audited by VirusTotal on May 12, 2026.

Findings (1)

The skill is designed to manage other OpenClaw skills using an external `clawhub` CLI tool. It instructs the agent to execute shell commands such as `cd`, `which`, `npm i -g clawhub`, and various `clawhub` subcommands. While the `SKILL.md` explicitly states 'Do not auto-install without user confirmation' for `npm i -g clawhub`, the 'Workflow' section later instructs the agent to 'install if missing' without reiterating the need for user confirmation. This ambiguity presents a prompt-injection vulnerability, as a less robust agent might auto-install a global package without user consent. The reliance on an external CLI and the execution of powerful commands like `npm i -g` with user-provided input (e.g., `<slug>`) also introduce potential shell injection risks if the `clawhub` CLI itself is vulnerable or if the agent mishandles input. Because of these risky capabilities and instruction ambiguities, the skill is classified as suspicious rather than benign.