ClawStack
HomeSecurity Report

State of OpenClaw Security

We scanned 6,493 skills from ClawHub and rated their security across 6 dimensions. Updated February 2026.

6,493
Skills Analyzed
View skills →
502
Flagged Dangerous (D)
View skills →
41%
Have Risk Flags (C/D)
View skills →
2,171
Rated Safe (S/A)
View skills →

Why does this matter?

ClawHub — the official OpenClaw skill directory — has zero security ratings. Anyone can publish a skill with no review. ClawStack is the first platform to independently scan and rate every skill.

ClawHub
0
Security Ratings
ClawStack
6,493
Security Ratings

Security Grade Distribution

Based on permissions, author trust, network requests, and more

S
Excellent510 (7.9%)
A
Good1,661 (25.6%)
B
Fair1,676 (25.8%)
C
Caution2,144 (33.0%)
D
Risk502 (7.7%)

Category Safety Rankings

Average security score by category (higher is safer)

1🏠
Smart Home70.5/100 (62 skills)
2⚙️
Automation69.3/100 (290 skills)
3📦
Other68.5/100 (1000 skills)
4
Productivity66.9/100 (487 skills)
5🤖
AI Models64.9/100 (221 skills)
6🎮
Entertainment64.6/100 (294 skills)
7🛠️
Dev Tools64/100 (1000 skills)
8💬
Communication62.6/100 (543 skills)
9👥
Social61.7/100 (251 skills)
10🔒
Security59.9/100 (222 skills)
11💰
Finance56.5/100 (636 skills)

How We Score Security

Each skill is rated across 6 dimensions, with a total possible score of 100 points.

Security Scan

30 pts

Cisco mcp-scanner YARA analysis. Detects prompt injection, data exfiltration, credential harvesting, and more.

Permissions

20 pts

Sensitive permissions requested: file write, shell exec, network access.

Author Trust

15 pts

GitHub account age, followers, and contribution history.

Network Safety

15 pts

External URLs and domains contacted. Suspicious endpoints flagged.

Community Trust

10 pts

Community safe/suspicious votes from ClawStack users.

Auditability

10 pts

Open source repo available with complete, readable source code.

Grade mapping: S (90-100) · A (75-89) · B (60-74) · C (40-59) · D (0-39)
Browse Safest Skills

Share This Report

Help the OpenClaw community stay safe. Share the State of OpenClaw Security report with your network.

Share on XShare on Reddit