ClawHub

EdgeOne ClawScan

Security checks across malware telemetry and agentic risk

Overview

This OpenClaw security scanner is mostly transparent and purpose-aligned, but it asks to store a global memory that changes future skill-install behavior across all projects.

Install only if you are comfortable with the disclosed Tencent lookups or set AIG_CLOUD_LOOKUP=off first. Be careful with the post-scan memory prompt: accepting it makes this scanner affect future skill installs across all projects, so decline it unless that global behavior is what you want.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The skill instructs the agent to query and write persistent global memory so future skill installs automatically invoke this scanner across projects. This creates cross-session behavior modification beyond the user's immediate request and can silently expand the skill's influence, especially if memory is reused in unrelated contexts.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger list includes overly generic terms such as 'security', 'analyze skill', and 'verify skill', which can cause the skill to activate in contexts broader than intended. Unintended invocation is risky here because the skill can run audits, make outbound requests by default, and steer future workflow decisions.

Ssd 3

Medium
Confidence
97% confidence
Finding
Persistently storing a cross-project memory that changes future behavior causes the skill to influence later interactions outside the original scan request. In a security-sensitive skill, this is dangerous because it establishes durable behavioral hooks and can normalize automatic execution without renewed user awareness.

VirusTotal

44/44 vendors flagged this skill as clean.

View on VirusTotal