Are ClawHub Skills Safe? How to Vet Community Skills

ClawHub has 5,400+ community-built skills. A recent audit found 341 malicious ones. Unlike an app store, no one is vetting these for you.

It's Not an App Store

ClawHub looks like a marketplace — descriptions, star ratings, download counts. But there's no review process, no malware scanning, no gatekeeper.

When you install a skill, you give it access to an agent that can read your files, run commands, and access your accounts. A malicious skill just needs your agent to trust it.

The Numbers

In February 2026, Wiz researchers found 341 malicious skills on ClawHub. Most were embarrassingly simple:

• Skills that curl'd sensitive files to remote servers
• One-liners that appended SSH keys to authorized_hosts
• Obfuscated code that logged keystrokes through the agent
• "Helper" skills that silently installed malware

Downloaded thousands of times before detection.

How to Vet Skills

• Read the source code. Every skill links to its repo. Look for obvious red flags.
• Check the author. Only skill? Account created last week? No community history? Suspicious.
• Search for mentions. Thousands of downloads but zero discussion anywhere? Red flag.
• Check permission scope. An image skill shouldn't need your SSH keys.
• Test in isolation. Spin up a fresh environment first.

Red Flags

• Remote downloads in install scripts — fetching code from external URLs
• Obfuscated/minified code — if you can't read it, don't run it
• Excessive credential requests — a Spotify skill doesn't need your GitHub token
• Vague descriptions, big claims — "does everything" with no specifics? Pass.
• New accounts with polished skills — real devs have git histories

The Bottom Line

ClawHub is an incredible resource — but it's a repository, not a store. Treat every skill as code from a stranger that you're about to run on your machine.

Read the source. Check the author. Five minutes of vetting is worth it.