Clawdhub

Pass. Audited by VirusTotal on May 13, 2026.

Overview

Type: OpenClaw Skill
Name: clawdhub
Version: 1.0.0

The skill instructs the OpenClaw agent to install a global npm package `clawdhub` via `npm i -g clawdhub` as part of its setup instructions in `SKILL.md`. This introduces a significant supply chain risk, as the `clawdhub` package itself, fetched from an external registry, could be compromised or malicious. The installed CLI tool is designed to interact with `clawdhub.com`, which is an external domain (IOC), and includes a `publish` command that could be used to upload local files if the agent is prompted to do so.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or overbroad invocation could change many installed agent skills and alter future agent behavior without an interactive prompt.

Why it was flagged

The skill grants the agent broad authority to mutate installed skills, including a no-prompt forced bulk update path, without instructions requiring explicit user confirmation, review, pinning, backup, or rollback.

Skill content

Use when you need to fetch new skills on the fly, sync installed skills to latest or a specific version, or publish new/updated skill folders... clawdhub update --all --no-input --force

Recommendation

Require explicit user approval before install, update, update --all, force/no-input, or publish operations; prefer pinned versions; avoid --all --force --no-input unless the user specifically requests it.

What this means

Using the skill means trusting the npm package, the selected registry, and the skills retrieved from it.

Why it was flagged

The skill depends on an unpinned globally installed npm CLI and an external registry that can install or update skills, often to latest by default. This is disclosed and central to the skill, but it is a supply-chain trust point.

Skill content

npm i -g clawdhub ... Default registry: https://clawdhub.com (override with CLAWDHUB_REGISTRY or --registry) ... upgrades to latest unless --version is set

Recommendation

Install the CLI only from a trusted source, pin versions when possible, review skill metadata before installing, and be cautious with registry overrides.

What this means

If used with the wrong account or excessive permissions, the skill could publish or modify registry content under that account.

Why it was flagged

Publishing requires an authenticated ClawdHub account/session. This is expected for publishing, but it gives the CLI delegated account authority.

Skill content

Auth (publish)
clawdhub login
clawdhub whoami
...
clawdhub publish ./my-skill --slug my-skill --name "My Skill" --version 1.2.0

Recommendation

Use a dedicated or least-privileged ClawdHub account for publishing, confirm the target slug/version before publishing, and log out or rotate credentials if access is no longer needed.