
ClawHub — agentic threat model

AIVSS 9.3 · Critical

ClawHub acts as a centralized supply chain hub for agent skills, presenting a high-risk profile due to the potential for malicious package distribution (similar to npm typosquatting or dependency confusion) impacting downstream agent frameworks.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base: 8.8
AARS uplift: 0.46
Factor sum: 3.5/10
Threat multiplier (ThM): ×1.1
Mitigation factor: ×1.0

Agentic risk factors:
Autonomy of Action: 0.20
Goal-Driven Planning: 0.10
Self-Modification: 0.40
Dynamic Tool Use: 0.80
Persistent Memory: 0.20
Contextual Awareness: 0.30
Dynamic Identity: 0.10
Multi-Agent Interactions: 0.60
Non-Determinism: 0.30
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
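To make the score rationale reproducible, here is an added worked example (not code from the listing page or from the AIVSS project) that recomputes the ClawHub score from the ten factor values above using the formula the page quotes. The factor values, CVSS base, threat multiplier and mitigation factor are the page's; the 0–1 bound on each factor, the severity band mapping (CVSS v3.1 bands) and the helper names are assumptions made for this example.

```python
# Added example: recompute the OWASP AIVSS score from the ten agentic risk
# factors, using the formula quoted on the page:
#   AIVSS = (CVSS_Base + AARS) x Mitigation_Factor
#   AARS  = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM

# Factor values as listed on the page for ClawHub.
CLAWHUB_FACTORS = {
    "Autonomy of Action": 0.20,
    "Goal-Driven Planning": 0.10,
    "Self-Modification": 0.40,
    "Dynamic Tool Use": 0.80,
    "Persistent Memory": 0.20,
    "Contextual Awareness": 0.30,
    "Dynamic Identity": 0.10,
    "Multi-Agent Interactions": 0.60,
    "Non-Determinism": 0.30,
    "Opacity & Reflexivity": 0.50,
}

# Page values for ClawHub.
CLAWHUB_CVSS_BASE = 8.8
CLAWHUB_THREAT_MULTIPLIER = 1.1
CLAWHUB_MITIGATION_FACTOR = 1.0


def factor_sum(factors):
    """Sum of the ten agentic factors. Assumption: each factor lies in [0, 1]."""
    if len(factors) != 10:
        raise ValueError("AIVSS expects exactly ten agentic risk factors")
    for name, value in factors.items():
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"factor {name!r} out of range [0, 1]: {value}")
    return sum(factors.values())


def aars(cvss_base, factors, threat_multiplier):
    """Agentic AI Risk Score: the uplift applied on top of the CVSS base."""
    if not 0.0 <= cvss_base <= 10.0:
        raise ValueError("CVSS base must be in [0, 10]")
    return (10.0 - cvss_base) * (factor_sum(factors) / 10.0) * threat_multiplier


def aivss(cvss_base, factors, threat_multiplier=1.0, mitigation_factor=1.0):
    """Final AIVSS score, capped at 10.0. A mitigation factor below 1.0 would
    credit applied mitigations; the page credits none (x1.0)."""
    if not 0.0 < mitigation_factor <= 1.0:
        raise ValueError("mitigation factor must be in (0, 1]")
    score = (cvss_base + aars(cvss_base, factors, threat_multiplier)) * mitigation_factor
    return min(score, 10.0)


def severity_band(score):
    """Assumption for this example: CVSS v3.1 qualitative bands."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def top_factors(factors, n=3):
    """Factors contributing most to the uplift, highest first."""
    return sorted(factors.items(), key=lambda kv: kv[1], reverse=True)[:n]


def score_clawhub():
    """Recompute the page's headline numbers, rounded as the page shows them."""
    uplift = aars(CLAWHUB_CVSS_BASE, CLAWHUB_FACTORS, CLAWHUB_THREAT_MULTIPLIER)
    total = aivss(CLAWHUB_CVSS_BASE, CLAWHUB_FACTORS,
                  CLAWHUB_THREAT_MULTIPLIER, CLAWHUB_MITIGATION_FACTOR)
    return {
        "factor_sum": round(factor_sum(CLAWHUB_FACTORS), 2),
        "aars": round(uplift, 2),
        "aivss": round(total, 1),
        "band": severity_band(round(total, 1)),
    }


if __name__ == "__main__":
    result = score_clawhub()
    print(result)
    for name, value in top_factors(CLAWHUB_FACTORS):
        print(f"  {name}: {value:.2f}")
```

Running it reproduces the page's numbers (factor sum 3.5, AARS 0.46, AIVSS 9.3) and shows that Dynamic Tool Use, Multi-Agent Interactions and Opacity & Reflexivity carry most of the agentic uplift, which lines up with the L3 and L7 findings below: the risk is dominated by what installed skills can do once loaded and how far a bad one propagates, not by the registry's own CVSS base alone.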

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models · ⚠ not certain from listing

Not certain from the listing — ClawHub is a registry and marketplace rather than a foundation model provider. It uses vector embeddings for search, but the underlying LLMs executing the skills are external to the platform.

L2 · Data Operations · ✓ mapped

ClawHub utilizes vector and semantic search to index and discover AgentSkills bundles. Threats include metadata poisoning, malicious skill descriptions designed to manipulate search rankings, and potential data exfiltration via registry queries.

L3 · Agent Frameworks · ✓ mapped

The platform distributes 'AgentSkills bundles' which are directly integrated into agent frameworks. This introduces severe supply chain risks, where malicious or poorly written skills could lead to insecure tool integration, memory poisoning, or remote code execution on the host agent.

L4 · Deployment & Infrastructure · ⚠ not certain from listing

Not certain from the listing — the deployment details of the registry and the CLI tooling are not specified. There is no mention of sandboxing mechanisms to isolate downloaded skills during execution, nor of secure secrets management for publishing.

L5 · Evaluation & Observability · ⚠ not certain from listing

Not certain from the listing — there is no indication of automated vulnerability scanning, static analysis of published skills, or observability guardrails to monitor the behavior of installed packages.

L6 · Security & Compliance (cross-cutting) · ⚠ not certain from listing

Not certain from the listing — the registry is closed source and free, with no explicit mention of package signing, publisher identity verification, access control policies, or compliance audits.

L7 · Agent Ecosystem · ✓ mapped

As an agent ecosystem marketplace, ClawHub is highly exposed to ecosystem-level threats. A single compromised or malicious package could propagate transitively across multiple agent workflows, leading to cascading failures and widespread trust abuse.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).