ClawHub

Public APIs Skill Creator

Security checks across malware telemetry and agentic risk

Overview

This skill is useful and mostly disclosed, but it can create persistent runnable skills from untrusted API catalog data without safe escaping or overwrite protection.

Install only if you are comfortable with a skill that contacts GitHub, caches a public API list, probes selected external URLs when asked, and writes new skills into the OpenClaw skills workspace. Review generated SKILL.md and scripts before running them, use unique skill names, and avoid generating skills from API entries or URLs you have not inspected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises and instructs use of shell, file read/write, and network operations, but declares no permissions or constraints. This creates a dangerous mismatch: an agent or reviewer may treat the skill as low-privilege while it can actually fetch remote data, write generated skills to disk, and execute helper scripts, increasing the chance of unintended data access, command execution, or unsafe file modification.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger phrases include broad, everyday language such as '找接口/找API' and '公共API/免费API', which may cause the skill to activate in contexts where the user did not intend to run a code-generating or network-enabled tool. Because this skill can execute scripts, access the network, and write files, overbroad invocation materially increases the risk of accidental execution and side effects.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal