ClawHub

Knowledge Sync

Security checks across malware telemetry and agentic risk

Overview

This skill has a clear sync-and-backup purpose, but it can continuously copy and push private workspace files and mirror-delete destination files without enough scoping or confirmation.

Install only if you intentionally want continuous background synchronization of your OpenClaw workspace to Nutstore/Obsidian and a Git remote. Before enabling systemd or cron, verify the remote is private, add .gitignore and secret-scanning protections, narrow the synced paths, remove or gate rsync --delete and --no-verify, and test with a dry run or disposable backup first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The README promotes continuous file synchronization and automated Git push/pull but does not warn users that local changes may be propagated automatically, that sensitive knowledge-base contents may be copied to third-party services, or that unattended pulls can introduce integrity and merge/conflict issues. In a synchronization skill, these behaviors are core functionality, so the omission is not malicious by itself, but it materially increases the risk of accidental data exposure, unwanted overwrites, and trust in unreviewed remote updates.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly promotes automatic Git push/pull, Gitee backup, Nutstore sync, and multi-device synchronization, but does not warn that local knowledge files may be continuously transmitted to third-party services and other devices. In a knowledge-base context, synchronized files are likely to contain sensitive notes, credentials, internal documents, or personal data, so silent or under-disclosed exfiltration risk is material.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This script automatically stages all changes, commits them, and pushes to a remote without any interactive confirmation or scoping, which can transmit unintended files or sensitive data off-host. In the context of a real-time knowledge synchronization skill, this behavior is more dangerous because it is designed to run unattended and repeatedly, increasing the chance of accidental exfiltration or unauthorized repository modifications.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script performs `rsync -av --delete` during initial synchronization, which will remove any files present in the destination but not in the source. In a real-time knowledge sync skill that targets cloud-backed directories, this can cause unintended data loss if the destination contains user-created, device-specific, or stale-but-needed files, especially because the script does not require confirmation, dry-run, or explicit warning before destructive mirroring.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal