Agent Builder Repo

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only helper for creating OpenClaw agent workspace files, with no executable code or required external data transfer.

Review any generated AGENTS.md, SOUL.md, MEMORY.md, and HEARTBEAT.md before using them. Be especially deliberate before enabling memory, heartbeats, external tools, or autonomous actions, and do not put secrets or credentials in the generated workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Low
Confidence: 91%
Finding
This markdown file is primarily in English, but lines L35 and L45 include Chinese text inline without any explanation, opt-in, or indication that the document is intentionally bilingual. That can violate a language/locale policy requiring consistent language selection or user choice.

External Transmission

Medium
Category: Data Exfiltration
Content
### Patterns
*   **MRKL**: Modular Reasoning, Knowledge and Language. A router sends queries to expert modules (calculators, weather APIs).
*   **Toolformer**: Fine-tuning LMs to self-supervise API calls.
*   **Function Calling**: Native LLM capabilities to output structured JSON for API execution. 通过 SkillBoss API Hub (`POST https://api.heybossai.com/v1/pilot`) 可统一路由至 100+ AI 服务,无需管理多个 API Key。

## Common Architectures
Confidence: 50%
Finding
https://api.heybossai.com/

VirusTotal

64/64 vendors flagged this skill as clean.
