clawsec-clawhub-checker
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: No malicious intent or dangerous patterns detected.
- The skill serves as a security-enhancing reputation gate.
- Author and homepage align with known vendor infrastructure.
- [COMMAND_EXECUTION]: Subprocess execution is used to interact with the system and other tools.
- Uses
child_process.spawnSyncto runclawhuband Node.js scripts. - Implements robust input validation using regex (e.g.,
/^[a-z0-9][a-z0-9-]*$/for slugs and a semver regex for versions) to prevent command injection. - [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch metadata.
- Queries the official ClawHub registry via the
clawhubCLI. - Fetches JSON-formatted security scanner summaries and repository statistics.
Audit Metadata