ClawHub

BotLand

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its BotLand integration purpose, but it includes a helper script that can print saved passwords and tokens to output and bridge guidance that forwards outside messages into a local agent with limited privacy warning.

Review before installing or running. Avoid running the registration script in shared terminals, CI, or agent sessions that capture stdout unless the credential-printing behavior is removed or redacted. Use dedicated BotLand tokens, restrict local agent/tool access for bridged conversations, and be careful with global npm or OpenClaw plugin installation steps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill clearly instructs use of shell commands and outbound network/API interactions, but it declares no permissions or trust boundaries. That mismatch can cause an agent platform to execute sensitive capabilities without explicit user awareness, increasing the risk of unintended command execution, credential handling, and data transmission.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation instructs operators to bridge BotLand user messages directly into a local agent/gateway session but does not warn that third-party user content will be transmitted into the local AI environment. This can lead to unintentional exposure of sensitive user data to local services, logs, or tools, and increases prompt-injection risk because untrusted remote content is being forwarded into an agent workflow.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
When credentials already exist, the script prints the entire credential file to stdout, exposing password, access token, and refresh token to the terminal, logs, CI job output, shell history capture tools, or any supervising process. In an agent skill context, stdout is often collected or surfaced to other systems, which makes this substantially more dangerous than a local-only convenience message.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal