龙虾安全卫士

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed static security scanner whose local reads, GitHub access, and temporary files match its stated purpose, though users should invoke it deliberately.

Install this only if you want an agent to inspect installed OpenClaw skills and public GitHub skill repositories. Leave OPENCLAW_NONINTERACTIVE unset unless you intentionally want to skip prompts, avoid running it as root, and use an isolated environment if your skills directory may contain secrets.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Intent-Code Divergence

Medium
Confidence: 87%
Finding
The scanner downplays outbound network access by labeling it as expected for some skill categories, even though this script is meant to audit arbitrary skills for safety. In context, that weakens detection fidelity and may cause users to underestimate genuinely dangerous exfiltration or command-and-control behavior in scanned code.

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger phrases are broad, natural-language requests such as '安全审计', '漏洞检测', and '帮我看看这个技能', which can overlap with ordinary conversation and cause the skill to activate unintentionally. In this skill's context, accidental activation is more concerning because the documented behavior includes reading local skill directories, accessing GitHub, and cloning repositories into /tmp, so a false trigger can expose local metadata or initiate unnecessary network/file operations.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger phrase "帮我看看这个技能" is broad and conversational, and can match ordinary user requests that are not explicit consent to invoke a privileged security-scanning skill. Because this skill reads local skill directories and may inspect potentially sensitive files, accidental invocation can expose more data than the user intended and broaden the skill’s effective activation surface.

VirusTotal

66/66 vendors flagged this skill as clean.
