OpenA2A Security

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate security-audit skill, but it tells the agent to run an unpinned npm tool against sensitive OpenClaw files while claiming no network or data exposure.

Review before installing or running. The security-audit purpose is coherent and no destructive or exfiltration behavior is present in the skill text, but only run it if you trust and verify the `hackmyagent` npm package. Prefer a pinned version or preinstalled reviewed binary, and avoid running it over credential-bearing OpenClaw directories in a sensitive environment without containment.
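The advice above (preinstalled, pinned package; no run over credential-bearing directories without containment) as a wrapper script. This is an added example, not part of OpenA2A Security or of the `hackmyagent` package. It assumes the operator supplies the reviewed version string, that the tool accepts the directory to scan as a positional argument (check the package's own README), and that `unshare` from util-linux is available to drop network access; the file-name patterns treated as credentials are also an assumption about what an OpenClaw directory contains.

```shell
#!/bin/sh
# Run an npm-distributed audit tool only if it is already installed at a
# reviewed, exact version, and only against a copy of the target directory
# with credential-looking files left out. Hypothetical helper, added here as
# an example; not OpenA2A Security's or hackmyagent's code.
set -eu

PKG="${PKG:-hackmyagent}"
PINNED_VERSION="${PINNED_VERSION:-}"   # set after review, e.g. an exact x.y.z; empty = refuse

# Succeed only if $root/node_modules/$pkg/package.json exists and its
# "version" equals $want. With nothing preinstalled, `npx` would otherwise
# resolve and download the package from the registry at run time.
verify_pinned_package() {
  root="$1"; pkg="$2"; want="$3"
  pj="$root/node_modules/$pkg/package.json"
  if [ ! -f "$pj" ]; then
    echo "refusing: $pkg is not preinstalled under $root (npx would fetch it)" >&2
    return 1
  fi
  have=$(sed -n 's/^[[:space:]]*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$pj" | head -n 1)
  if [ -z "$want" ] || [ "$have" != "$want" ]; then
    echo "refusing: installed $pkg version '$have' does not match reviewed pin '$want'" >&2
    return 1
  fi
  return 0
}

# Copy $src to $dst, leaving out files whose names suggest secrets.
# The pattern list is an assumption about the target layout; extend it.
make_sanitized_copy() {
  src="$1"; dst="$2"
  mkdir -p "$dst"
  ( cd "$src" && find . -type f \
      ! -name '.env' ! -name '.env.*' ! -name '*.pem' ! -name '*.key' \
      ! -name '*token*' ! -name '*secret*' ! -name 'credentials*' \
      -print ) | while IFS= read -r f; do
    mkdir -p "$dst/$(dirname "$f")"
    cp "$src/$f" "$dst/$f"
  done
}

# Verify the pin, scan a sanitized copy, and keep npx off the network:
# `npx --no` aborts instead of installing a missing package (npm 7+), and
# `unshare -rn` (Linux, util-linux) runs the child in an empty network namespace.
run_contained_audit() {
  root="$1"; target="$2"
  verify_pinned_package "$root" "$PKG" "$PINNED_VERSION"
  scratch=$(mktemp -d)
  make_sanitized_copy "$target" "$scratch/target"
  if command -v unshare >/dev/null 2>&1; then
    (cd "$root" && unshare -rn npx --no "$PKG" "$scratch/target")
  else
    echo "warning: unshare not found; relying on 'npx --no' alone" >&2
    (cd "$root" && npx --no "$PKG" "$scratch/target")
  fi
  rm -rf "$scratch"
}

# Usage: PINNED_VERSION=x.y.z ./contained-audit.sh <dir-with-node_modules> <dir-to-scan>
if [ "$#" -eq 2 ]; then
  run_contained_audit "$1" "$2"
fi
```

To produce the `<dir-with-node_modules>` after reviewing the package, install it into a dedicated project with `npm install --save-exact hackmyagent@<reviewed-version>`; the resulting `package-lock.json` records the tarball's `integrity` hash, which pins the bytes, while `verify_pinned_package` only compares the version string and guards against an accidental upgrade or a missing install.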

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Severity: High
Confidence: 95%
Finding
The skill claims it runs entirely locally with no external API calls, but its prescribed use of `npx hackmyagent` can cause npm to resolve, download, and execute remote package code if the package is not already installed. That creates a supply-chain execution path and undermines the user's trust assumptions about locality and data exposure.

Scope Creep

Severity: High
Confidence: 93%
Finding
The manifest declares `network: []`, implying no network usage, yet the documented execution path uses `npx`, which contacts the npm registry to fetch the package or its metadata whenever the package is not already installed locally. This mismatch defeats operator expectations and weakens permission-based trust boundaries for a security-oriented skill.

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The documentation states that no data leaves the machine and that the skill runs locally, but `npx` introduces a realistic chance of external network contact to package registries. For a security scanner, inaccurate assurances are especially risky because users may run it on sensitive environments under false assumptions.
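The three findings above share one check: a manifest that declares no network access while the instructions invoke a command that normally reaches the network, aggravated when the text also claims local-only execution. The lint below is an added example of that check, not SkillSpector's or OpenA2A Security's code. It assumes the skill ships a `manifest.yaml` with a `network:` key and its instructions in `SKILL.md`; both file names are assumptions, and the manifest key is only parsed in its `network: []` form.

```shell
#!/bin/sh
# Lint a skill directory for a declared-vs-documented network mismatch.
# Hypothetical helper added as an example; not SkillSpector's logic.
set -eu

# Print "<line>:<text>" for each instruction line that invokes a command whose
# normal use contacts a remote host. `npx` counts because, without --no, it
# downloads a package that is not already installed; `npx --no` lines are
# excluded since that form aborts instead of fetching.
network_commands() {
  grep -nE '(^|[^[:alnum:]_./-])(npx|npm[[:space:]]+(install|i|ci|exec|update)|pip3?[[:space:]]+install|curl|wget|git[[:space:]]+clone)([[:space:]]|$)' "$1" \
    | grep -vE 'npx[[:space:]]+(--no|--no-install)([[:space:]]|$)' || true
}

# True when the manifest declares an empty network allow-list.
manifest_declares_no_network() {
  grep -qE '^[[:space:]]*network:[[:space:]]*\[[[:space:]]*\][[:space:]]*$' "$1"
}

# True when the instructions assert local-only execution or no data egress.
claims_local_only() {
  grep -qiE 'runs (entirely )?locally|no (external )?(api|network) calls|no data leaves' "$1"
}

# Exit 0 when the declaration and the instructions agree, 1 on a mismatch,
# printing findings in the scanner's own vocabulary.
lint_skill() {
  dir="$1"; status=0
  manifest="$dir/manifest.yaml"; doc="$dir/SKILL.md"
  if manifest_declares_no_network "$manifest"; then
    hits=$(network_commands "$doc")
    if [ -n "$hits" ]; then
      echo "scope creep: manifest declares network: [] but $doc invokes network-reaching commands:"
      echo "$hits" | sed 's/^/  /'
      if claims_local_only "$doc"; then
        echo "description-behavior mismatch: $doc also claims local-only execution"
      fi
      status=1
    fi
  fi
  return $status
}

# Usage: ./lint-skill.sh <skill-directory>
if [ "$#" -eq 1 ]; then
  lint_skill "$1"
fi
```

The exclusion for `npx --no` is deliberate: an instruction of the form `npx --no hackmyagent` against a preinstalled package is consistent with `network: []`, whereas bare `npx hackmyagent` is not, because its behaviour depends on what happens to be installed on the operator's machine.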

VirusTotal

65/65 vendors rated this skill clean (no detections). This covers the skill files as submitted, not the `hackmyagent` package that `npx` would fetch at run time.

View on VirusTotal