We Scanned the Top 50 ClawHub Skills — Here's What We Found

Source: DEV Community
Update: This is the original March 25 scan. For the latest data (March 27 refresh), see "We Re-Scanned the Top 50 — Things Have Changed".

We took our V(g) security scanner and ran it against the Top 50 most-installed ClawHub Skills — totaling over 1.25 million downloads. The goal was simple: apply the same static analysis we use for Rotifer Genes to the most popular tools in the Claw ecosystem, and publish the results.

The headline: zero CRITICAL findings across all 50 Skills. No eval(), no child_process, no code obfuscation. But the details tell a more nuanced story.

Grade Distribution

| Grade | Count | % | Meaning |
| --- | --- | --- | --- |
| A | 44 | 88% | Zero CRITICAL + zero HIGH |
| B | 4 | 8% | Zero CRITICAL + ≤2 HIGH (explainable) |
| C | 2 | 4% | Zero CRITICAL + >2 HIGH |
| D | 0 | 0% | — |

88% of the Top 50 received the highest grade. That's a strong signal for the ecosystem's security baseline — at least among the most popular tools.

Most Skills Are Pure Prompt

| Category | Count | % |
| --- | --- | --- |
| With code files (.ts/.js/.py/.sh) | 17 | 34% |
| Pure prompt (SKILL.md only) | 3
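The following added example, which is not the V(g) scanner or code from the article, flags the two constructs the headline names (eval() and child_process) in a skill's code files and maps finding counts to the grade table above. Assumptions: those constructs count as CRITICAL, grade D means any CRITICAL finding (the table gives no meaning for D), the HIGH count is supplied by the caller because the page lists no HIGH rules, and the sample skills are constructed.

```javascript
// Added example, not the V(g) scanner: a pre-install check for one skill.
const CODE_EXT = /\.(ts|js|py|sh)$/; // code-file types named in the article

// Constructs the article reports as absent; treating them as CRITICAL is an assumption.
const CRITICAL_RULES = [
  { id: "eval-call", re: /\beval\s*\(/ },
  { id: "child-process", re: /\bchild_process\b/ },
];

// files: { "relative/path": "file contents" }
function scanSkill(files) {
  const findings = [];
  const codeFiles = Object.keys(files).filter((p) => CODE_EXT.test(p));
  for (const path of codeFiles) {
    files[path].split("\n").forEach((line, i) => {
      const t = line.trim();
      // Skip whole-line comments so a documented mention is not a finding.
      if (t.startsWith("//") || t.startsWith("#") || t.startsWith("*")) return;
      for (const rule of CRITICAL_RULES) {
        if (rule.re.test(line)) findings.push({ path, line: i + 1, rule: rule.id });
      }
    });
  }
  // SKILL.md is never scanned as code: a prompt that mentions eval() is not a finding.
  return { purePrompt: codeFiles.length === 0, findings };
}

// Grade table from the article; "D = any CRITICAL" is an assumption (the page shows no meaning).
function grade(criticalCount, highCount) {
  if (criticalCount > 0) return "D";
  if (highCount === 0) return "A";
  return highCount <= 2 ? "B" : "C";
}

// Constructed sample skills (not real ClawHub packages).
const promptOnly = { "SKILL.md": "Never call eval() on user input." };
const wrapper = {
  "SKILL.md": "Runs a formatter.",
  "src/run.js": [
    "// child_process is avoided on purpose",
    "const { execSync } = require('child_process');",
    "module.exports = (src) => eval(src);",
  ].join("\n"),
};

for (const [name, files] of Object.entries({ promptOnly, wrapper })) {
  const r = scanSkill(files);
  console.log(name, r.purePrompt ? "pure prompt" : "has code", grade(r.findings.length, 0), r.findings);
}
```

A line-based pattern match like this misses aliased or dynamically constructed calls, so a clean result narrows review scope but does not replace reading the code files.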