Skills
skills/trpc-group/trpc-agent-go/clawhub/Gen Agent Trust Hub

clawhub

Fail

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill configuration and instructions facilitate the installation of the clawhub package from the public npm registry during the setup process.
  • [REMOTE_CODE_EXECUTION]: The primary purpose of the skill is to use clawhub install and clawhub update to fetch and execute agent skills from https://clawhub.com. This allows for the execution of arbitrary remote code within the host environment from an unverified third-party registry.
  • [COMMAND_EXECUTION]: The skill utilizes the clawhub CLI to perform operations such as installing packages globally (npm i -g) and managing local file systems. These operations often require elevated permissions and can execute scripts contained within the downloaded skills.
  • [DATA_EXFILTRATION]: The skill provides commands for clawhub login and clawhub publish, which involve transmitting credentials and local source code to a remote server.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 30, 2026, 01:08 AM
Security Audit — agent-trust-hub — clawhub