clawsec-clawhub-checker

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: No malicious intent or dangerous patterns detected.
  • The skill serves as a security-enhancing reputation gate.
  • Author and homepage align with known vendor infrastructure.
  • [COMMAND_EXECUTION]: Subprocess execution is used to interact with the system and other tools.
  • Uses child_process.spawnSync to run clawhub and Node.js scripts.
  • Implements robust input validation using regex (e.g., /^[a-z0-9][a-z0-9-]*$/ for slugs and a semver regex for versions) to prevent command injection.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch metadata.
  • Queries the official ClawHub registry via the clawhub CLI.
  • Fetches JSON-formatted security scanner summaries and repository statistics.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 02:49 AM
Security Audit — agent-trust-hub — clawsec-clawhub-checker