Is openclawcli safe?

https://clawhub.ai/clawhub-installer/openclawcli

82
SAFE

The skill 'openclawcli' failed to install — the slug was not found in the ClawHub registry. The repository contains only a lock.json referencing a different skill ('academic-research-hub'). No SKILL.md, no executable code, no network activity, and no canary file tampering were observed. This is effectively a non-functional, empty skill with no attack surface.

Category Scores

Prompt Injection 90/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 80/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 60/100 · 5%

Findings (3)

INFO Skill not found during install -5

The install process could not resolve the 'openclawcli' skill. The error 'Skill not found' indicates the skill slug does not exist or is not published in the ClawHub registry.

LOW Mismatched skill reference in lock.json -10

The lock.json file references 'academic-research-hub' v0.1.0 rather than 'openclawcli'. This suggests the repository may be a template, misconfigured, or was previously used for a different skill. While not exploitable, it is anomalous.

INFO Standard system file reads during clone 0

Filesystem monitoring captured reads of /etc/passwd, /etc/group, /etc/ld.so.cache, modprobe.d configs, and SSL certs. These are standard OS-level reads from system libraries during process execution and are not indicative of malicious behavior.