Security Scan Reveals Flaws in 36% of ClawHub Skills

We scanned 6,500+ ClawHub skills. 36% have security flaws. Built a Free Community run scanner to catch them before they execute. The OpenClaw skills ecosystem lacks security enforcement, allowing skills to run with full agent permissions (filesystem, network, shell access). A tool called Clawned was developed to perform deep static analysis on SKILL.md files, detecting 60+ security patterns, including obfuscated payloads, credential harvesting, and unauthorized permission requests. The scanner identified confirmed malicious skills like video-agent, 4claw, and morning-briefing-generator in the public registry. The tool is free, requires no signup, and offers an API for CI/CD integration.