clawhub

SUSPICIOUS due to transitive skill installation and unpinned remote CLI execution, not because of obvious credential theft or mismatched purpose. The skill is coherent with its stated registry/install purpose and appears to use same-project official infrastructure, but it materially expands agent trust by fetching and loading third-party skills from a public registry.