clawhub
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the
clawhubcommand-line utility globally via the npm package manager. - [REMOTE_CODE_EXECUTION]: Provides functionality to download and install external agent skills from the remote
clawhub.comregistry. This allows the agent to dynamically acquire and execute unvetted code from a third-party source. - [COMMAND_EXECUTION]: Executes various shell commands for managing skills, including
npm install,clawhub install, andclawhub update. - [CREDENTIALS_UNSAFE]: References authentication mechanisms (
clawhub login) that involve handling access tokens or credentials for the remote registry. - [DATA_EXFILTRATION]: Facilitates the transmission of local skill directories and associated metadata to an external server via the
publishcommand.
Audit Metadata