clawhub-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes an explicit example passing an API token directly on the command line ("clawhub login --token clh_..."), which instructs embedding secrets verbatim in commands and thus poses a high exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's CLI workflows (e.g., "clawhub inspect my-skill" / "clawhub inspect my-skill --file SKILL.md" and "clawhub install my-skill") explicitly fetch metadata and raw files from the public registry/site (default https://clawhub.ai), which hosts user-published/untrusted skill content that the agent is expected to read and could materially change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The CLI uses the default registry/site URL https://clawhub.ai at runtime (via commands like clawhub install, clawhub inspect --file, clawhub update) to fetch skill packages and raw files (e.g., SKILL.md, scripts/setup.sh) which can contain agent prompts or executable code, so this external content can directly control prompts or execute code.