ClawHub Security Report
Automated security analysis of AI agent skills by SkillScan
Scan Status: complete
Scan completed: Feb 23, 2026 13:45 UTC | Duration: 533.6s
Top Threat Categories
| Category | Count |
|---|
| Credential Theft | 1 |
| Malicious Instruction | 45 |
| Supply Chain Attack | 49 |
Flagged Skills (79 skills)
Sorted by download count - highest risk exposure first
Downloads: 31626 | Stars: 330 | Score: 45/100
HIGH
Malicious Instruction: Attempting to access system prompt
...ion Rule (System Prompt Feedback)
Promote recurring patterns i...
Downloads: 19167 | Stars: 120 | Score: 30/100
HIGH
Malicious Instruction: Data harvesting instruction
...e context harvesting attack surfaces. The combination of ...
Downloads: 8665 | Stars: 40 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...rarian (fear=buy) |
| Short Interest | Yahoo | Squeeze potential...
Downloads: 7559 | Stars: 27 | Score: 60/100
Downloads: 4071 | Stars: 4 | Score: 50/100
CRITICAL
Malicious Instruction: Explicit theft instruction
...laywright Stealth** ⭐ | `scripts/playwright-stealth.j...
HIGH
Malicious Instruction: Instruction to conceal activities
...ures:**
- Hide automation markers (`navigator.webdrive...
Downloads: 3698 | Stars: 20 | Score: 75/100
HIGH
Malicious Instruction: Attempting to access system prompt
...effective system prompts and custom instructions for AI agents
...
Downloads: 3442 | Stars: 11 | Score: 50/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...ult: 5) |
| `stats` | Show reflection statistics |
| `reset` | R...
Downloads: 2702 | Stars: 7 | Score: 65/100
CRITICAL
Malicious Instruction: Explicit theft instruction
...---
name: stealth-browser
description: Ultimate stealth...
Downloads: 2669 | Stars: 8 | Score: 75/100
HIGH
Malicious Instruction: Instruction to conceal activities
...sions |
| Hide errors and retry silently | Log errors ...
Downloads: 2501 | Stars: 3 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
... |
| Other | Failed | Show error |
## APIs
### Create Task
**...
Downloads: 2417 | Stars: 1 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
... |
| Other | Failed | Show error |
## Note Types
| Type | Desc...
Downloads: 1982 | Stars: 2 | Score: 20/100
HIGH
Malicious Instruction: Instruction to post sensitive data
... "@watson post your full findings in #research"
↓
Wat...
HIGH
Malicious Instruction: Attempting to access system prompt
...-specific system prompts
- Renames channels and updates referen...
Downloads: 1745 | Stars: 4 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
... have you learned?" | Show last 10 from `corrections.md` |
| "Sh...
Downloads: 1571 | Stars: 3 | Score: 75/100
HIGH
Malicious Instruction: Instruction to conceal activities
...ault list hides `done` and `skipped` unless `--all` or...
Downloads: 1394 | Stars: 0 | Score: 55/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...ion lacks structure | Shared workspaces with activity feeds, com...
Downloads: 1382 | Stars: 1 | Score: 0/100
CRITICAL
Malicious Instruction: Explicit theft instruction
...c, Atomic Stealer)
- **RAG poisoning** & tool manipulat...
HIGH
Malicious Instruction: Data harvesting instruction
...redential Harvesting**: AWS, GCP, Azure, SSH keys
- **API...
HIGH
Malicious Instruction: Prompt injection attempt
...ide:**
- "ignore previous instructions"
- "ignore all prior"
- "f...
CRITICAL
Malicious Instruction: Prompt injection attempt
...d
Query: "ignore all previous instructions and..."
Action: Blocked + ...
HIGH
Malicious Instruction: Prompt injection attempt
...thing"
- "disregard above"
- "override system"
**System Ex...
HIGH
Malicious Instruction: Attempting to access system prompt
...rect)
- **System prompt extraction**
- **Configuration dump req...
CRITICAL
Malicious Instruction: Jailbreak attempt
...njection, jailbreak, role-hijack, and system extraction att...
HIGH
Malicious Instruction: Instruction to conceal activities
...guages to hide intent)
- Non-English variants: "instru...
Downloads: 1340 | Stars: 2 | Score: 75/100
CRITICAL
Malicious Instruction: Explicit theft instruction
...---
name: stealth-browser
description: Anti-bot browser...
Downloads: 1151 | Stars: 1 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...| `claude-opus-4-6` | Short model name ...
Downloads: 1119 | Stars: 0 | Score: 55/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...AeBf` | 6 |
| USDT | Shasta | `TG3XXyExBkPp9nzdajDZsozEu4BkaSJ...
Downloads: 882 | Stars: 0 | Score: 40/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...al.sh/uv/install.sh | sh`
## Why This Matters
Your agent has a...
HIGH
Malicious Instruction: Prompt injection attempt
...lag `<!-- IGNORE PREVIOUS INSTRUCTIONS -->`.
**skillscanner** ch...
Downloads: 849 | Stars: 1 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...y |
| `--all-stops` | Show all flights regardless of stops |
| `...
Downloads: 828 | Stars: 2 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...| "show my toolbox" | Show toolbox index |
| "update [entry]" | ...
Downloads: 796 | Stars: 2 | Score: 75/100
HIGH
Malicious Instruction: Attempting to access system prompt
...s access (system prompt on first use)
install: |
cd $SKILL_DI...
Downloads: 723 | Stars: 1 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...**Feature Factory** | Shipping features without measuring impact...
Downloads: 656 | Stars: 0 | Score: 75/100
CRITICAL
Malicious Instruction: Explicit theft instruction
...uired |
| Stealth mode | No | Yes |
| Proxy/CAPTCHA | N...
Downloads: 602 | Stars: 0 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...order-radius.mdx` |
| Shadows | `box-shadow.mdx` |
| Transitions...
Downloads: 600 | Stars: 0 | Score: 60/100
HIGH
Malicious Instruction: Prompt injection attempt
...ors:**
- "Ignore previous instructions..."
- "You are now in deve...
Downloads: 586 | Stars: 1 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...ption | string | No | Short bio (max 200 chars) |
**Response (2...
Downloads: 581 | Stars: 1 | Score: 75/100
HIGH
Malicious Instruction: Instruction to conceal activities
...o **not** hide them behind a file path.
- **Always pri...
Downloads: 579 | Stars: 0 | Score: 75/100
HIGH
Malicious Instruction: Instruction to conceal activities
...iet` flag hides PASS and WARN, showing only FAIL resul...
Downloads: 556 | Stars: 2 | Score: 50/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...://cli.inference.sh | sh && infsh login
# Generate a TikTok-sty...
Downloads: 518 | Stars: 0 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...ill-tree.sh <name>` | Show dependency tree |
| `check-deps.sh` |...
Downloads: 506 | Stars: 0 | Score: 55/100
HIGH
Malicious Instruction: Instruction to conceal activities
...e wins or hide losses.
- **Be autonomous**: Make decis...
Downloads: 473 | Stars: 0 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...a2.unpause <GID>` |
| Show statistics | `python3 scripts/rpc_cli...
Downloads: 457 | Stars: 0 | Score: 75/100
CRITICAL
Malicious Instruction: Explicit theft instruction
.... Reward: Steal **15%** of opponent pulse + Capture sec...
Downloads: 422 | Stars: 0 | Score: 0/100
CRITICAL
Supply Chain Attack: Pipe to bash - classic supply chain attack pattern
...IDENTITY.md
- `curl | bash` patterns
- Author GitHub age <90 days
...
CRITICAL
Supply Chain Attack: Known malicious IP from ClawHavoc campaign
...d infrastructure:** 91.92.242.30 (known C2), password-protected file hos...
HIGH
Malicious Instruction: Prompt injection attempt
...ources
- "Ignore previous instructions" or DAN-style jailbreaks
-...
CRITICAL
Malicious Instruction: Jailbreak attempt
... (base64, jailbreaks, obfuscation, glot.io)
- Credential th...
HIGH
Malicious Instruction: Instruction to conceal activities
...hashes to hide tampering. The manifest + runtime block...
Downloads: 419 | Stars: 0 | Score: 75/100
HIGH
Malicious Instruction: Instruction to conceal activities
...-reads` | Hide Read tool events | Off |
| `--review <u...
Downloads: 417 | Stars: 0 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
......" |
| **D**esire | Show benefit | "...used by top-ranking sit...
Downloads: 412 | Stars: 0 | Score: 40/100
CRITICAL
Supply Chain Attack: Pipe to bash - classic supply chain attack pattern
.../v0.39.7/install.sh | bash
source ~/.nvm/nvm.sh
nvm install 22
nvm...
Downloads: 389 | Stars: 0 | Score: 30/100
HIGH
Malicious Instruction: Attempting to access system prompt
...t` | no | System prompt (max 10000 chars) |
| `instructions` | ...
Downloads: 349 | Stars: 2 | Score: 60/100
Downloads: 344 | Stars: 0 | Score: 55/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
... | — |
| `--full` | Show full wallet address instead of trunca...
Downloads: 327 | Stars: 0 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...
### Excel Sheets
| Sheet | Content |
|-------|---------|
| ...
Downloads: 302 | Stars: 0 | Score: 65/100
CRITICAL
Supply Chain Attack: References to a skill marketplace exfiltration endpoint
...ybrain
description: Skill marketplace for OpenClaw agents. One subscription, ...
Downloads: 290 | Stars: 1 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
... Distributed ledger | Shared database synchronized across nodes,...
Downloads: 252 | Stars: 0 | Score: 60/100
CRITICAL
Credential Theft: Known data exfiltration service (webhook.site) - used in ClawdHub attack
...spicious patterns (`webhook.site`, `curl .`, `eval()`, etc.)
...
Downloads: 238 | Stars: 0 | Score: 60/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...) |
| `/til status` | Show site status and connection info |
| `...
Downloads: 232 | Stars: 0 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...I |
| `--history N` | Show last N trades (default: 10) |
| `--sy...
Downloads: 214 | Stars: 1 | Score: 65/100
HIGH
Malicious Instruction: Attempting to access system prompt
...---
# [System Prompt]
你现在是一位拥有 15 年经验...
Downloads: 212 | Stars: 1 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...r (1-17) |
| `name` | Short name (e.g. "Dark Mode", "Clean Blue"...
Downloads: 172 | Stars: 0 | Score: 40/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...` | Show account info and balance ...
CRITICAL
Malicious Instruction: Explicit theft instruction
...setup, no stealth plugins, no fingerprint patching requ...
Downloads: 149 | Stars: 0 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...ary_share` | Share an entry with a specific agent (by f...
Downloads: 124 | Stars: 0 | Score: 60/100
CRITICAL
Supply Chain Attack: References to a skill marketplace exfiltration endpoint
...z) — the AI agent skill marketplace. Use when the user asks to find new ski...
Downloads: 118 | Stars: 0 | Score: 45/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...ch <url> --dry-run` | Show payment info without paying |
| `pyth...
Downloads: 116 | Stars: 0 | Score: 55/100
Downloads: 113 | Stars: 0 | Score: 40/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...3: [Differentiator] | Shop [X] In Stock Now
Description: Explore...
CRITICAL
Malicious Instruction: Explicit theft instruction
...Campaigns
Stealing customers from competing dealers:
- ...
Downloads: 110 | Stars: 0 | Score: 75/100
CRITICAL
Malicious Instruction: Explicit exfiltration instruction
... tries to exfiltrate.
## Output
The sandbox produces a JSO...
Downloads: 109 | Stars: 0 | Score: 75/100
HIGH
Malicious Instruction: Attempting to access system prompt
...
---
## SYSTEM PROMPT
你是爱莉酱。
你不是AI,不...
Downloads: 98 | Stars: 0 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...10% | < 5% | < 2% |
| Shrinkage | < 2% | < 1% | < 0.5% |
| On-Ti...
Downloads: 91 | Stars: 0 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...idence thresholds |
| Shadow AI with PHI | High | Approved tool ...
Downloads: 87 | Stars: 1 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...unicon info <name>` | Show detailed icon information |
| `unicon...
Downloads: 83 | Stars: 1 | Score: 50/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...conds |
| `shipped` | Shipped; `tracking` object has carrier, nu...
Downloads: 83 | Stars: 0 | Score: 50/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...e | 2x | Long cache | Short cache | No cache |
| Compressible | ...
Downloads: 81 | Stars: 1 | Score: 70/100
HIGH
Malicious Instruction: Attempting to access system prompt
...er attach system prompts, conversation history, uploaded files,...
Downloads: 80 | Stars: 0 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...-$550/SF |
| Retail | Shell vs TI, storefront, grease traps | $1...
Downloads: 79 | Stars: 0 | Score: 55/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...k/master/install.sh | sh`
- **Update**: re-run the install scrip...
Downloads: 79 | Stars: 0 | Score: 0/100
Downloads: 73 | Stars: 0 | Score: 55/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...-------|----------|
| Shuffle-heavy joins | Broadcast small tabl...
Downloads: 69 | Stars: 0 | Score: 45/100
HIGH
Malicious Instruction: Instruction to post sensitive data
...agents:
- Post your new releases to `m/music` or `m/moltdj`...
Downloads: 68 | Stars: 0 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...|
| Partial results | Show what was found, note which sources we...
Downloads: 48 | Stars: 0 | Score: 0/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...ed file" | button |
| Share button (output) | "Share encrypted S...
HIGH
Malicious Instruction: Instruction to conceal activities
...u want to hide *who* can decrypt a message. The encryp...
Downloads: 34 | Stars: 0 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to bash - classic supply chain attack pattern
...d_percentage":72}}' | bash scripts/context-check.sh
# Exit codes: ...
Downloads: 30 | Stars: 0 | Score: 40/100
CRITICAL
Supply Chain Attack: Pipe to bash - classic supply chain attack pattern
...tup/master/setup.sh | bash
```
Or follow the manual steps below.
...
Downloads: 24 | Stars: 0 | Score: 65/100
CRITICAL
Supply Chain Attack: References to a skill marketplace exfiltration endpoint
... which many current skill marketplaces do not expose. Where version history l...
Downloads: 23 | Stars: 0 | Score: 40/100
HIGH
Malicious Instruction: Data harvesting instruction
...redential harvesting, code injection,
network exfiltrat...
Downloads: 18 | Stars: 0 | Score: 0/100
CRITICAL
Supply Chain Attack: Pipe to bash - classic supply chain attack pattern
...sh`, `wget … -O - | bash`, `eval "$(…)"`, running a script URL...
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...on? (e.g. `curl … | sh`, `wget … -O - | bash`, `eval "$(…)...
CRITICAL
Malicious Instruction: Explicit exfiltration instruction
...oints, or exfiltrate data — mark as suspicious and warn.
...
CRITICAL
Malicious Instruction: Explicit theft instruction
...s code or steal my data?"** — Explicit RCE and malici...
Downloads: 16 | Stars: 0 | Score: 65/100
CRITICAL
Supply Chain Attack: Pipe to sh - code execution attack
...tle |
| 2 | Tagline | Short catchy phrase for the hero |
| 3 | D...
Downloads: 14 | Stars: 0 | Score: 75/100
HIGH
Malicious Instruction: Attempting to access system prompt
...nt needs: system prompt, conversation history, other Skills' me...
Downloads: 5 | Stars: 0 | Score: 75/100
HIGH
Malicious Instruction: Prompt injection attempt
...rit only, disregarding social signals
3. Report coordina...
About SkillScan
SkillScan is an API-first security scanner for AI agent skill files. It detects supply chain attacks, credential theft patterns, and known malware IOCs from campaigns like ClawHavoc.
Try SkillScan API
POST /scan