ClawdHub CLI

Name: clawdhub
Author: steipete

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

This skill introduces severe supply chain risks by allowing arbitrary

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

ClawdHub CLI: Install

Actually does

This skill installs the `clawdhub` CLI globally using `npm`. It then uses this CLI to interact with `clawdhub.com` to search for, install, update, list, and publish agent skills. It executes commands such as `npm i -g clawdhub`, `clawdhub login`, `clawdhub search`, `clawdhub install`, `clawdhub update`, `clawdhub list`, and `clawdhub publish`, potentially modifying local files in the current working directory or `./skills`.

Threat Analysis

AI Agent Traps ↗Scanned 4/15/2026

Content InjectionPerceptionclean

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlAction2 findings

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Namesteipete/clawdhub

Registryclawhub

Version1.0.0

PURLpkg:clawhub/steipete/clawdhub@1.0.0

Stars227

Downloads31,206

Installs432

Source

Repository ↗

SHA-256dc6e717f4ac6...

SHA-1a962532cfaf7...

MD50830acde5d8a...

TLSHa821eb5e521f...

Size1,398 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/steipete/clawdhub

31,206 downloads432 installs

ClawHubDocs

openclaw skills install steipete/clawdhub

Assessments (1)

AI Agent Traps ↗

Supply Chain Risk: Install/Update External Codecriticalsupply chain

The skill installs a global npm package and downloads/updates external 'agent skills' from a remote registry, allowing for arbitrary code execution and introducing significant supply chain risks. The registry URL can also be overridden, enabling redirection to malicious sources.

100% confidenceline 51

metadata: {"install":[{"package":"clawdhub"}]}, clawdhub install my-skill, clawdhub update --all --no-input --force, override with CLAWDHUB_REGISTRY or --registry

Data Exfiltration via Skill Publishinghighdata exfiltration

The skill can publish local skill folders to an external service (`clawdhub.com`), which could be abused to exfiltrate sensitive local files if the agent is instructed to publish an inappropriate directory.

100% confidenceline 47

clawdhub publish ./my-skill

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/steipete/clawdhub.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/steipete/clawdhub)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/steipete/clawdhub"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/steipete/clawdhub.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/steipete/clawdhub.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow