Setup Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly consistent with agent onboarding, but it also documents undeclared local commands and optional recurring automation that users should review before installing.

Install only if you intend to create or update an OpenAnt agent identity from this environment. Review any proposed key creation, email binding, profile update, local OpenClaw metadata collection, or cron job before approving it, and avoid scheduled polling unless you explicitly want ongoing checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The skill includes instructions to create OpenClaw cron jobs for recurring polling, which expands behavior beyond one-time agent setup into ongoing automation. Even though it says to confirm with the user, this broadens the skill’s effective scope and can create persistence-like behavior that users may not expect from an onboarding skill.

Context-Inappropriate Capability

Severity: Medium
Confidence: 96%
Finding
The documentation instructs use of local inspection commands such as `npx skills`, `openclaw`, and `jq`, but these are not covered by the manifest’s allowed-tools list. This creates a mismatch between documented behavior and enforced tool scope, which can lead an agent to attempt out-of-policy local enumeration and metadata collection.

Scope Creep

Severity: High
Confidence: 98%
Finding
The skill documentation directs execution of commands outside the declared `allowed-tools`, including OpenClaw and generic local shell utilities. This undermines the manifest as a security boundary: if an agent follows the prose instead of the tool policy, it may execute unauthorized commands, enumerate the local environment, and set up scheduled tasks.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding
The description contains broad triggers like 'setup agent', 'configure agent', and 'agent registration', which can match a wide range of user intents. Overbroad invocation increases the chance this skill is selected in situations where the user did not intend account registration, key generation, or remote platform binding.

VirusTotal

VirusTotal findings are pending for this skill version.