OpenClaw Skills & ClawHub Safety
ClawHub is OpenClaw’s skill marketplace with 5,700+ skills. But security researchers have found that approximately 341 skills distribute malware — including credential theft, crypto mining, and reverse shell payloads. This is known as the ClawHavoc campaign.
Curate-Me provides a ClawHavoc-hardened skill scanner that grades every skill before installation.
The ClawHub Security Problem
| Threat | Description | Impact |
|---|---|---|
| Credential theft | Skills that exfiltrate API keys, SSH keys, and tokens | Account compromise |
| Crypto mining | Hidden mining scripts consuming your VPS resources | $100s/mo in compute waste |
| Reverse shells | Backdoor access to your execution environment | Full system compromise |
| Data exfiltration | Skills that send conversation data to external servers | Privacy violation |
| Supply chain attacks | Popular skills with malicious updates | Wide-blast-radius compromise |
How Our Scanner Works
Every skill import goes through a 3-layer security pipeline:
Layer 1: Static Pattern Analysis
YARA-style rules scan for:
- Shell injection patterns (os.system, subprocess, eval, exec)
- Crypto wallet addresses and mining pool connections
- Outbound connection attempts to suspicious domains
- Base64-encoded payloads (common obfuscation technique)
- File system access to sensitive paths (.env, .ssh, .aws)
Layer 2: Dependency Audit
- Cross-reference all dependencies against a known-malicious blocklist
- Check for typosquatted package names
- Verify dependency version pins (unpinned deps = supply chain risk)
- Flag dependencies with known CVEs
Layer 3: VirusTotal Integration
- Submit skill content hash to VirusTotal
- Check against 70+ antivirus engines
- Flag any detection as CAUTION or BLOCKED
Security Verdicts
Every scanned skill receives a verdict:
| Verdict | Badge | Meaning |
|---|---|---|
| SAFE | Green | No findings. Clear to install. |
| CAUTION | Amber | Non-critical findings. Review recommended. Admin can approve. |
| BLOCKED | Red | Critical findings. Cannot be installed. |
| UNSCANNED | Gray | Not yet scanned. Treated as untrusted. |
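
The Layer 1 checks and the verdict mapping described above, as an added example (not Curate-Me's scanner code): it parses a Python skill with `ast`, flags the call and string patterns the page lists, and returns a verdict. Which findings count as critical is an assumption made here, as are the names `scan_skill` and `dotted_name` and the constructed sample skills.

```python
import ast
import re

# Assumed severity split: the page does not say which findings are critical.
CRITICAL_CALLS = {"os.system", "eval", "exec"}
SUBPROCESS_PREFIX = "subprocess."
SENSITIVE_PATH = re.compile(r"(^|[/\\~])\.(env|ssh|aws)\b")
BASE64_BLOB = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")

# Constructed sample skills, not real ClawHub content.
BENIGN = "def greet(name):\n    return 'hello ' + name\n"
READS_ENV = "def load():\n    return open('.env').read()\n"
SHELLS_OUT = "import os\ndef run(cmd):\n    os.system(cmd)\n"


def dotted_name(node):
    """Return 'os.system' for Name/Attribute chains, None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def scan_skill(source):
    """Return (verdict, findings) for the source text of one Python skill."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = dotted_name(node.func) or ""
            if name in CRITICAL_CALLS or name.startswith(SUBPROCESS_PREFIX):
                findings.append(("critical", node.lineno, f"call to {name}"))
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            if SENSITIVE_PATH.search(node.value):
                findings.append(("warning", node.lineno, f"sensitive path {node.value!r}"))
            elif BASE64_BLOB.match(node.value):
                findings.append(("warning", node.lineno, "long base64-like string"))
    # Verdict mapping from the table: any critical finding blocks, other findings need review.
    if any(severity == "critical" for severity, _, _ in findings):
        return "BLOCKED", findings
    return ("CAUTION" if findings else "SAFE"), findings
```

Name-based matching misses aliased imports such as `from os import system`, so a SAFE result here only means these specific patterns were absent.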
Verified Skills
Curate-Me maintains a curated allowlist of 17 verified skills that have passed comprehensive security review:
| Skill | Category | Description |
|---|---|---|
| github | Developer | GitHub integration (PRs, issues, code review) |
| slack | Communication | Slack messaging and channel management |
| google-drive | Productivity | Google Drive file management |
| web-search | Search | Web search via multiple providers |
| puppeteer | Automation | Browser automation and scraping |
| docker | DevOps | Docker container management |
| postgres | Database | PostgreSQL query execution |
| redis | Database | Redis key-value operations |
Only verified skills can be installed on managed runners without admin approval.
Using the Skill Gallery
The Skill Gallery in the dashboard (/runners/gallery) provides:
- Browse — Search and filter skills by category, verdict, and popularity
- Scan — View detailed security findings for any skill
- Import — One-click import with automatic security scan
- Approve/Reject — Admin workflow for CAUTION-rated skills
- Rescan — Re-run security checks with the latest scan engine
- Stats — Aggregate security statistics across all imports
Free Skill Scanner
Scan any ClawHub skill URL for free at curate-me.ai/scanner. No account required. Results in under 10 seconds.
Best Practices
- Only install verified skills on production runners
- Review CAUTION findings before approving — understand what each finding means
- Never install BLOCKED skills — even if they look useful
- Rescan periodically — new threat patterns are added to the scanner weekly
- Use model allowlists alongside skill scanning — defense in depth
- Monitor skill behavior — check the audit trail for unexpected network calls