Is clawhub safe?

https://clawhub.ai/skill/clawhub

82
SAFE

This skill failed to install ('Skill not found') and is essentially empty. The SKILL.md contains no content, and the only artifact is a lock.json referencing an unverifiable 'academic-research-hub' sub-skill. No malicious behavior was detected — no prompt injection, no data exfiltration attempts, no code execution, and all canary files remain intact. The skill is harmless but non-functional.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 55/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 40/100 · 5%

Findings (6)

INFO Installation failed — skill not found -5

The skill resolution process failed with 'Skill not found' error. The clawhub registry could not resolve the 'clawhub' skill, resulting in an empty installation with only a lock.json file remaining.

LOW Empty SKILL.md provides no functionality -10

The SKILL.md file is completely empty. If a user installs this skill, it will inject nothing into the agent's system prompt and provide zero functionality. This is a quality issue rather than a security issue.

LOW Lock file references unverifiable sub-skill -50

The lock.json references 'academic-research-hub' v0.1.0 as an installed skill, but since the main skill failed to install, this reference could not be verified or inspected. The sub-skill's contents and behavior are unknown.

INFO Expected network activity during failed install -5

Network connections to 216.150.1.1:443 (ClawHub registry) and 100.51.70.227:443 occurred during the install attempt. These are consistent with a skill resolution process that failed. No data was exfiltrated; the connections appear to be standard registry lookups.

INFO Filesystem activity limited to jiti cache -5

All filesystem events were jiti (JIT TypeScript compilation) cache files in /tmp/jiti/, which are standard Node.js/TypeScript tooling artifacts from the ClawHub CLI itself, not from the skill under test.

INFO Process execution limited to system services -5

All auditd-logged process executions are from the Oathe monitoring infrastructure (auditctl, ss, sha256sum) and standard system services (gdm, gnome-session, gnome-keyring-daemon, locale-check). No unexpected processes were spawned by the skill.