install-shared-skill

Fail

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The tools install_skill and install_shared_skill use the child_process.exec function to run system commands. The input parameter skill_name is interpolated directly into the command string without any sanitization or validation. This allows for arbitrary command injection, where an attacker could execute malicious code by providing a specially crafted skill name.
  • [REMOTE_CODE_EXECUTION]: The skill is designed to download and install external code via the clawhub CLI. This represents a remote code execution risk as it fetches and executes logic from an external registry that is not part of the trusted vendors list.
  • [EXTERNAL_DOWNLOADS]: The skill performs network-based installation of software packages from an external repository (clawhub), introducing risks associated with supply chain attacks from untrusted external sources.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 17, 2026, 07:18 PM