English
View as MarkdownView this page as plain textOpen in ChatGPTAsk questions about this pageOpen in ClaudeAsk questions about this pageOpen in PerplexityAsk questions about this page

Safety and Operations

Security Audits

Security Audits

ClawHub security audits help you decide whether a skill or plugin is safe enough to install. They show what a release does, what authority it asks for, and whether anything deserves extra attention before it can access files, accounts, credentials, code, or external services.

Audits are strong safety signals, but they are not a guarantee that a release is risk-free. Always use judgment before granting sensitive access.

See also Security, Acceptable usage, and Moderation and Account Safety.

What to check before installing

Before installing, review:

  • the overall audit status
  • the risk level
  • any listed findings
  • required credentials, permissions, or environment variables
  • owner, source, version, changelog, downloads, stars, and other trust signals

Install only content you understand and trust.

Audit status

Audit status tells you how to react to the audit result:

Status Meaning
Pass No visible issue above low risk was found.
Review Read the findings before installing. The release may still be legitimate.
Warn Use extra caution. ClawHub found a high-impact concern or warning signal.
Malicious Do not install.
Pending Audits have not finished yet.
Error The audit could not be completed.

A Pass is reassuring, but it does not replace your own judgment. This matters most for tools that can publish content, edit data, run commands, read files, or access production systems.

Risk level

Risk level describes blast radius: how much power the release appears to have if you use it as intended.

Risk level Meaning
Low Little sensitive authority or user impact was found.
Medium The release has meaningful authority, such as account access or data changes.
High The release has high-impact authority, severe findings, or malicious signals.

Risk level and audit status answer different questions:

  • Risk level asks: "How much power is here?"
  • Audit status asks: "What should I do with this result?"

For example, a publishing skill may show Review with Medium risk. That does not mean it is malicious. It means the skill appears purpose-aligned, but can act with meaningful account authority.

Findings

Findings explain why an audit result was shown. Each finding usually includes:

  • what it means
  • why it was flagged
  • the relevant skill or plugin content
  • a recommendation

Findings may be labeled Info, Low, Medium, High, or Critical. Higher severity findings contribute more strongly to risk level and audit status.

Low-confidence findings are hidden from the public audit rollup so the page stays focused on useful evidence.

What ClawHub checks

ClawHub audits submitted release artifacts, including:

  • skill instructions or plugin metadata
  • declared environment variables and permissions
  • install instructions and package metadata
  • included files and file manifests
  • compatibility and capability metadata

The main question is coherence: do the name, summary, metadata, requested authority, and actual content line up with what users would reasonably expect?

Powerful behavior is not automatically bad. Many useful tools need credentials, local commands, provider APIs, or package installs. The audit checks whether that power is expected, disclosed, and proportionate.

Artifact pages link to the full audit at:

text
/<owner>/<slug>/security-audit

The audit page combines:

  1. SkillSpector
  2. VirusTotal
  3. Risk analysis

VirusTotal

ClawHub uses VirusTotal as malware telemetry in the audit stack. VirusTotal is a trusted industry standard for file reputation and malware scanning, and our partnership lets ClawHub add broader security intelligence to skill and plugin review.

VirusTotal is especially useful for known malicious artifacts, engine hits, and reputation signals that complement ClawHub's agent-aware review. When vendor engine counts are available, the audit summarizes them in plain language, such as:

text
62/62 vendors flagged this skill as clean.

or:

text
2/64 vendors flagged this skill as malicious, 1/64 flagged it as suspicious, and 61/64 flagged it as clean.

When ClawHub has no vendor-count telemetry to summarize, the audit says:

text
No VirusTotal findings

VirusTotal remains telemetry. It does not replace ClawHub's own artifact-aware risk analysis.

Risk analysis

Risk analysis is powered internally by ClawScan, ClawHub's own security audit system. It reviews each release as an agent-facing artifact: instructions, metadata, declared permissions, files, capability signals, static scan signals, SkillSpector findings, VirusTotal telemetry, and publisher-provided context. Static scan signals are internal context for this review; they are not a standalone public audit section or install-blocking verdict.

Risk analysis uses the OWASP Agentic Skills Top 10 as a lens for risks such as prompt injection, tool misuse, credential exposure, unsafe execution, memory or context poisoning, and excessive agency.

ClawScan does not treat a scary-looking capability as automatically malicious. It asks whether the capability is disclosed, purpose-aligned, and supported by the release's stated use case.

Was this useful?
On this page

On this page