openclawselfguard

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenClaw vulnerability monitor, but it installs an enabled daily agent job and can falsely report no vulnerabilities when its data-source checks fail.

Install only if you want an enabled daily OpenClaw cron job. Review setup_cron.sh first, confirm how to disable or remove the openclaw-self-guard entry, and do not rely on its vulnerability results until the helper argument parsing and fail-open no-vulnerability behavior are fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The metadata description states the skill 'auto-installs daily cron job' but does not clearly foreground that setup modifies the user's system persistence by creating a scheduled task. Automatic persistence mechanisms require explicit disclosure and consent because they change host behavior beyond a one-time manual check and may surprise users or violate environment policies.

Natural-Language Policy Violations

Medium
Confidence
82% confidence
Finding
The usage examples and output are presented in Chinese-centric form without offering a language selection or clearly documenting alternatives, which can impair user understanding of what the skill does and what it reports. In a security-monitoring skill, unclear or inaccessible messaging increases the chance users miss warnings, misunderstand actions, or invoke the tool incorrectly.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
beautifulsoup4>=4.12.0
lxml>=4.9.0
Confidence
95% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
beautifulsoup4>=4.12.0
lxml>=4.9.0
Confidence
95% confidence
Finding
beautifulsoup4>=4.12.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
beautifulsoup4>=4.12.0
lxml>=4.9.0
Confidence
95% confidence
Finding
lxml>=4.9.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
85% confidence
Finding
requests

Known Vulnerable Dependency: lxml — 10 advisory(ies): CVE-2021-43818 (lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through); CVE-2014-3146 (lxml Cross-site Scripting Via Control Characters); CVE-2021-28957 (lxml vulnerable to Cross-Site Scripting ) +7 more

High
Category
Supply Chain
Confidence
88% confidence
Finding
lxml

VirusTotal

65/65 vendors flagged this skill as clean.
