skill-refiner

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent OpenClaw skill-auditing tool, but it asks an agent to scan broadly and make lasting file changes without clear review safeguards.

Install only if you intentionally want an OpenClaw skill compliance maintenance tool. Use it first in audit/report-only mode, review exact paths and proposed diffs, and explicitly approve any deletion, rename, directory move, or write into ~/.openclaw/workspace/skills.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs exhaustive workspace discovery and auditing of every SKILL.md, which clearly requires broad file-read capability, yet no permissions are declared. Undeclared read scope is risky because it normalizes hidden access to files outside the expected skills directory and weakens least-privilege controls.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The phrase "audit my skills" is a broad natural-language trigger that could plausibly appear in ordinary conversation, causing the skill to activate when the user did not specifically intend to invoke it. In this skill's context, unintended invocation is more concerning because the skill is designed to exhaustively search the workspace and modify multiple skill files, so a mistaken trigger could lead to wide-scope file inspection and repair actions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The example trigger phrases are broad, natural-language commands such as asking to audit or check skills, which can plausibly appear in ordinary conversation. In a skill that exhaustively scans and repairs files across the workspace, overly generic triggers increase the chance of unintended activation and unauthorized or surprising modifications.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs deletion of files such as README.md, INSTALLATION_GUIDE.md, and CHANGELOG.md without requiring confirmation, backup, or even warning the user. This is dangerous because it can cause immediate data loss and destroy documentation or evidence across many directories during an automated bulk repair pass.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs moving skills from anywhere in the workspace into a fixed destination path without warning or validation. Bulk relocation can overwrite existing content, break references, and unexpectedly alter project structure, especially because the search scope is the entire workspace and may catch unintended directories.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
Renaming directories is a filesystem-mutating operation that can break imports, scripts, links, packaging, and user workflows, and the skill provides no warning or approval step. Because this skill is designed to apply fixes broadly, a naming normalization pass could make widespread irreversible changes very quickly.

Session Persistence

Medium
Category
Rogue Agent
Content
1. **Missing/malformed frontmatter** — Add or correct the `---` block with `name` and `description` only
2. **Extra frontmatter fields** — Remove any fields other than `name` and `description`
3. **Weak description** — Rewrite to include: what the skill does + trigger conditions ("Use when...")
4. **Extraneous files** — Delete README.md, INSTALLATION_GUIDE.md, CHANGELOG.md, etc.
5. **Wrong location** — If a skill is outside `skills/`, move it to `~/.openclaw/workspace/skills/<skill-name>/`
6. **Naming violations** — Rename directory to lowercase-hyphen-case
Confidence
77% confidence
Finding
write to include: what the skill does + trigger conditions ("Use when...") 4. **Extraneous files** — Delete README.md, INSTALLATION_GUIDE.md, CHANGELOG.md, etc. 5. **Wrong location** — If a skill is o

VirusTotal

66/66 vendors flagged this skill as clean.
