We scanned 500 ClawHub skills for security risks – 10% were dangerous

Name: We scanned 500 ClawHub skills for security risks – 10% were dangerous
Availability: InStock
Author: yusufjacobs

by yusufjacobs·Feb 24, 2026·3 points·1 comment

Visit Project View on HN

AI Analysis

●●●BangerSolve My ProblemBig Brain

19-pattern MCP tool security scanner filling a real gap in agent ecosystem governance.

Strengths

•Real threat detection with concrete patterns (reverse shells, C2 domains, eval obfuscation); not vague AI risk claims.
•Public leaderboard data + trust badges create accountability incentive for ClawHub publishers.
•Honest risk distribution (10% dangerous, 40% safe) proves non-trivial scanning, not rubber-stamping.

Weaknesses

•Relies on heuristics and pattern matching; no evidence of false positive/negative rates or evasion resistance.
•ClawHub moat unclear—if attackers know the 19 patterns, obfuscation costs drop; sustainability depends on pattern updates.

Post Description

We built tork-scan, a free open-source CLI that checks AI agent skills (MCP tools) for 19 security risk patterns — reverse shells, credential harvesting, base64 payloads, eval(), C2 domains, and more.

We pointed it at 500 ClawHub skills. Results:

- 200 (40%) SAFE (90-100) - 150 (30%) CAUTION (70-89) - 100 (20%) RISKY (50-69) - 50 (10%) DANGEROUS (0-49)

The dangerous ones included typosquats with innocent names hiding credential exfiltration, obfuscated payloads, and C2 domain connections. 284 skills earned trust badges.

Try it: npx tork-scan ./my-skill

Full results + leaderboard: https://tork.network/leaderboard Writeup: https://tork.network/blog/clawhub-scan-results

Tork Network (https://tork.network) is an independent governance layer for AI agents — PII detection in ~1ms, compliance receipts, trust badges. Works with any MCP-compatible framework. Free tier available.