v1.0.3

Clawhub Search & Verify

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:51 AM.

Analysis

The skill’s goal is reasonable, but its safety claims are contradicted by a shell wrapper that uses an undeclared Clawhub CLI login and writes local logs.

Guidance: Only install after reviewing the included shell wrapper and confirming you are comfortable with local Clawhub CLI use, the logged-in account it will use, and the local search log it creates. Treat its “Trusted” risk labels as popularity-based rather than a real security audit.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Runs in sandboxed session with no filesystem write or exec capability ... **Tags**: safe, automation, verify, no-shell, trusted

These strong safety and trust claims are contradicted by the included bash wrapper, which executes the local clawhub CLI and writes to a log file.

User impact: A user may trust the skill as read-only and no-shell when it actually runs local commands and creates persistent local logs.
Recommendation: Remove unsupported trust claims and clearly disclose the CLI execution, login requirement, and log-writing behavior before installation.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
cli-wrapper.sh
# Risk score: low if downloads > 1000, medium if > 100, high if < 100
RISK="✅ Trusted"

The skill presents risk/trust guidance before installation, but the code bases trust labels only on install/download counts rather than actual security review.

User impact: A popular but unsafe skill could be labeled as trusted, which may lead the user to approve installation based on a weak signal.
Recommendation: Rename this as a popularity signal or add real, disclosed risk checks before using trusted/suspicious labels.

Unexpected Code Execution
Severity: Medium | Confidence: High | Status: Concern
cli-wrapper.sh
#!/bin/bash
RESULTS=$(clawhub search "$SEARCH_TERM" --limit 3 2>/dev/null)

The artifact includes shell execution and a local CLI dependency even though the metadata declares no required binaries and the SKILL.md claims no-shell behavior.

User impact: Installing the skill may enable local command execution paths that are not obvious from the registry requirements.
Recommendation: Declare the clawhub CLI requirement and align the documentation with the actual execution model.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
cli-wrapper.sh
Error: clawhub CLI not installed or logged in. Run clawhub login first.

The wrapper expects an authenticated local Clawhub CLI session, while the metadata declares no credentials or required config paths.

User impact: The skill may act through the user’s logged-in Clawhub account when searching or installing skills.
Recommendation: Use a dedicated account or verify the logged-in Clawhub identity before approving any install action.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
cli-wrapper.sh
LOG_FILE="logs/clawhub-search.log"
echo "$(date -u): SEARCH: $SEARCH_TERM" >> "$LOG_FILE"

The script persists user search terms to a local log file, with no retention or cleanup policy described.

User impact: Search terms, which may reveal user intent or internal needs, can remain on disk after use.
Recommendation: Review or clear the log file if searches contain sensitive information, and disclose the log path and retention behavior.