ClawHub

Skill Manage

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real skill-management tool, but its uninstall behavior and hard-coded local paths need careful review before use.

Install only if you are comfortable reviewing or fixing the script first. Back up installed skills and config files, replace the hard-coded C:\Users\andy8 paths with your own OpenClaw paths, use --dry-run before uninstalling, and avoid the preserve option until config-file deletion is corrected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrase "帮我管理 Skill" is broad and can invoke this skill without the user clearly requesting a specific read-only or destructive action. In a skill that includes update and uninstall capabilities, vague invocation increases the risk of unintended entry into a management flow that could lead to accidental changes if follow-up confirmation is weak or misinterpreted.

Vague Triggers

Low
Confidence
86% confidence
Finding
The phrase "更新某个 Skill" does not require the target skill name at invocation time, which can cause ambiguous or mistaken execution against the wrong package. In a management skill that can fetch and apply updates from external sources, ambiguity can result in unintended modifications to the local environment.

Vague Triggers

Low
Confidence
91% confidence
Finding
The phrase "卸载某个 Skill" lacks a mandatory target identifier, creating a risk that the system may infer or default to the wrong skill during a destructive operation. Because uninstall removes local content, ambiguity here is more dangerous than a read-only action and can cause accidental deletion or service disruption.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal