Openclaw Sage

Security checks across malware telemetry and agentic risk

Overview

This documentation skill is coherent and purpose-aligned, but some bundled OpenClaw configuration examples should be treated as security-sensitive opt-in settings.

Install only if you want a local helper that runs scripts to fetch and cache OpenClaw documentation. Review any configuration snippets before copying them: avoid enabling bash/browser tools or binding services to 0.0.0.0 unless you understand the exposure and have sandboxing, authentication, and network controls in place.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The documentation config enables broad skills/tools ("bash", "browser") for agents by default, which exceeds what a documentation-only expert appears to need. In a skill meant for answering OpenClaw documentation questions, advertising powerful general-purpose capabilities increases the chance that operators will deploy unnecessary execution and browsing surfaces, expanding attack paths and blast radius.

Context-Inappropriate Capability

High
Confidence: 90%
Finding
Enabling the bash tool by default is especially risky because it can execute shell commands, access local files, and interact with the host environment. For a documentation expert, this capability is not justified by the stated purpose, so including it in common config snippets may normalize unsafe deployments and materially increase the impact of prompt injection or misconfiguration.

Missing User Warnings

Medium
Confidence: 88%
Finding
The tools configuration turns on bash and browser without warning users that these tools may access the local system, files, network resources, or sensitive data. In documentation, omission of such warnings can mislead users into enabling high-risk capabilities by default and underestimating the consequences of agent misuse or compromise.

Missing User Warnings

Medium
Confidence: 87%
Finding
Binding the gateway to 0.0.0.0 exposes the service on all network interfaces, which can unintentionally make it reachable beyond localhost. Without a clear warning, users may deploy the service on shared or internet-connected hosts and expose administrative or agent endpoints to unauthorized access.

VirusTotal

66/66 vendors flagged this skill as clean.
