Clawdhub
Use the ClawdHub CLI to search, install, update, and publish agent skills from clawdhub.com. Use when you need to fetch new skills on the fly, sync installed skills to latest or a specific version, or publish new/updated skill folders with the npm-installed clawdhub CLI.
暂无可比对内容
需要至少一个上一版本,才能生成差异对比。
Security Scan
状态
suspicious
OpenClaw
gpt-5-mini
OpenClaw 分析
The skill's instructions match its described purpose (managing skills via a CLI) but provenance is missing and the runtime steps let the agent fetch and install arbitrary code from external registries, which is a notable supply‑chain risk.
置信度: medium
VirusTotal
Type: OpenClaw Skill Name: clawdhub Version: 1.0.0 The skill instructs the OpenClaw agent to install a global npm package `clawdhub` via `npm i -g clawdhub` as part of its setup instructions in `SKILL.md`. This introduces a significant supply chain risk, as the `clawdhub` package itself, fetched from an external registry, could be compromised or malicious. The installed CLI tool is designed to interact with `clawdhub.com`, which is an external domain (IOC), and includes a `publish` command that could be used to upload local files if the agent is prompted to do so.