Clawdhub
Use the ClawdHub CLI to search, install, update, and publish agent skills from clawdhub.com. Use when you need to fetch new skills on the fly, sync installed skills to latest or a specific version, or publish new/updated skill folders with the npm-installed clawdhub CLI.
No comparison available
A previous version is required before a diff can be generated.
Security Scan
Status
suspicious
OpenClaw
gpt-5-mini
OpenClaw analysis
The skill's instructions match its described purpose (managing skills via a CLI) but provenance is missing and the runtime steps let the agent fetch and install arbitrary code from external registries, which is a notable supply‑chain risk.
Confidence: medium
VirusTotal
Type: OpenClaw Skill Name: clawdhub Version: 1.0.0 The skill instructs the OpenClaw agent to install a global npm package `clawdhub` via `npm i -g clawdhub` as part of its setup instructions in `SKILL.md`. This introduces a significant supply chain risk, as the `clawdhub` package itself, fetched from an external registry, could be compromised or malicious. The installed CLI tool is designed to interact with `clawdhub.com`, which is an external domain (IOC), and includes a `publish` command that could be used to upload local files if the agent is prompted to do so.