Comment by rideontime

> I don’t know how many people are involved in managing the ClawHub registry, but there is no evidence that the skills listed there are scanned by any security tooling. Many of the payloads we found were visible in plain text in the first paragraph of the SKILL.md file.

I shouldn't still be shocked by the incompetence and/or negligence of these people, and yet I am.