ClawHub Quarantine Installer

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for security testing, but it can force-install untrusted skills without strong built-in containment.

Install only in a disposable workspace, container, or VM with no valuable credentials or personal files. Treat audited skills as untrusted code, review the exact target skill before running the installer, and avoid using this on your normal OpenClaw profile unless you are comfortable with persistent skill-environment changes.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script executes `npx clawhub install` on a user-supplied skill name, which fetches and installs third-party content from outside the trust boundary. In the context of a quarantine installer, this is inherently dangerous because installation of untrusted packages may trigger lifecycle scripts or other code execution during install, yet the script provides no safety gating, sandbox enforcement, or explicit warning before doing so.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal