Multi-Agent Deployment Skill for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent as a tool for deploying multi-agent systems, but it can expose unauthenticated coordination services and create cloud resources without sufficient safeguards.

Install only if you are prepared to review and harden the deployment. Use --dry-run first, bind the REST API to localhost unless you add authentication, avoid public Cloud Run/Azure exposure by default, restrict CORS, put the service behind TLS and an authenticated proxy or IAM, and review generated cloud resources before allowing the script to deploy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The default router uses very broad trigger words like "help," "support," "create," "write," and "check," which overlap heavily with ordinary user requests. In a multi-agent skill that can scaffold files, modify configs, and deploy infrastructure, such broad routing raises the chance of accidental activation of powerful agent behaviors in contexts where the user did not intend deployment or code-generation actions.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The skill describes exposing a REST API and deploying to multiple cloud platforms but provides no prominent warning about authentication, authorization, encryption, network exposure, or handling sensitive shared-memory contents. In practice, this can lead users to stand up an unauthenticated service or internet-exposed deployment that leaks inter-agent state or permits unauthorized writes.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The script proceeds from dependency checks directly into deployment and resource-generation actions without any interactive confirmation, approval flag, or prominent irreversible-action warning. In a deployment skill intended for production multi-agent fleets, this increases the likelihood of accidental cloud resource creation, unexpected spend, and unintended exposure caused by operator error or automation misuse.

Missing User Warnings

Severity: High
Confidence: 99%
Finding: The GCP deployment path uses gcloud run deploy with --allow-unauthenticated, which makes the service publicly accessible without requiring authentication. Because this is done automatically and without a clear warning or opt-in, it can expose an administrative or agent-coordination gateway to the internet, increasing the risk of unauthorized access, data leakage, and abuse.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The file advertises and implements a REST API that exposes shared-memory read and write operations with no authentication, authorization, or transport protection. In a production multi-agent deployment context, this allows any process or network client that can reach the listener to read sensitive coordination data, inject false state, or disrupt agent workflows, especially if the operator binds to a non-localhost interface.

VirusTotal

VirusTotal findings are pending for this skill version.