Knowledge Base Archiving System (知识库归档系统)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real document archiver, but it needs review because it can duplicate sensitive local documents, persist searchable plaintext indexes, and includes under-disclosed external AI/cloud processing paths.

Review before installing. Use this only on files you are comfortable duplicating into a local knowledge base, treat the generated _index files and manifest as sensitive, and avoid untrusted filenames or documents because of unsafe shell command construction. Do not enable AI classification or cloud storage for confidential or regulated files unless you fully trust the model endpoint or storage provider and credentials are narrowly scoped.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Context-Inappropriate Capability

Medium (95% confidence)
Finding
When AI classification is enabled, extracted document text is sent to a configured API endpoint, and the script also attempts external model invocation via the openclaw CLI. For a tool presented as a local knowledge-base archiver, silently transmitting document contents off-host creates a real confidentiality risk, especially because archived files may contain sensitive business or personal data.

Missing User Warnings

Medium (89% confidence)
Finding
The skill advertises archiving and indexing behavior but does not clearly warn users that running it will copy files into a local knowledge base and generate searchable index artifacts. This can lead to unintended data duplication, persistence, and broader local exposure of sensitive content, especially when users expect a read-only organization tool.

Missing User Warnings

High (97% confidence)
Finding
The cloud storage section explains how to upload archived files to third-party storage but does not clearly warn that file contents, filenames, and related metadata may leave the local system. In a knowledge-base archiving context, users may process confidential business documents, so silent or poorly disclosed off-device transmission creates a substantial privacy and compliance risk.

Missing User Warnings

High (98% confidence)
Finding
The AI classification feature states that it uses filenames and content summaries for semantic analysis, but it does not clearly warn that those summaries may be sent to the configured AI endpoint. Because this skill handles local documents that may contain sensitive internal data, undisclosed transmission to a local or remote model endpoint materially increases data leakage risk.

Missing User Warnings

High (98% confidence)
Finding
The AI classification path packages filename, summary, and extracted content and sends them to openclaw or a configured API endpoint without any explicit disclosure or consent flow. In the context of a knowledge-base archiver handling office documents, this is particularly dangerous because it can leak confidential internal documents, customer data, or regulated information during normal use.

VirusTotal

66/66 vendors flagged this skill as clean.
