ClawHub

Skill Publisher — ClawHub 一键发布器

Security checks across malware telemetry and agentic risk

Overview

This skill appears to help publish OpenClaw skills, but it gives an agent too much state-changing authority without a clear confirmation step.

Review before installing. Use it only when you intentionally want an agent to publish a specific local skill to ClawHub, and require a dry-run summary plus explicit confirmation before global installs, CLI patching, token use, or remote publication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad enough to match ordinary user requests about publishing, which can cause the skill to activate unexpectedly. In this skill, accidental activation is meaningful because the documented workflow performs package installation, local file checks, CLI patching, and remote publication using user credentials.

Missing User Warnings

High
Confidence
97% confidence
Finding
This section directs the agent to install software globally, modify files inside the installed CLI with sed, and then publish content to a remote service, but it does not require an explicit warning or confirmation for those state-changing actions. That combination is dangerous because an unintended or misunderstood invocation could alter the host environment and perform an external publication with lasting effects.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The example tells the agent to execute the entire publish flow immediately once a token and path are provided, without a separate confirmation step for credential use or external publication. This increases the chance of accidental disclosure of intent, misuse of provided credentials, or publishing the wrong local directory to the remote service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal