ClawHub

Sovereign Intelligence System - Equilibrium-native reasoning for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a symbolic reasoning library, but it contains an undisclosed hard-coded Python import path that could load unreviewed local code.

Review before installing. Ask the publisher to remove the hard-coded /home/claude/sis sys.path change and use package-relative imports from the bundled files. Treat the equilibrium checks as an advisory reasoning aid, not a safety guarantee, and only enable file persistence for data you are comfortable storing locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill states that its reasoning 'applies automatically to operations that use the skill' without defining explicit activation triggers, scope boundaries, or opt-in conditions. In an agent environment, vague auto-activation language can cause the skill to influence ordinary requests unexpectedly, increasing the chance of prompt collisions, unintended routing, or silent behavioral changes.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The example invocations are broad natural-language phrases such as 'Analyze this decision using equilibrium constraints' and 'Find the balanced solution to this tradeoff,' which are close to normal user prompts. If the platform matches skills via semantic similarity or keyword overlap, these examples can cause accidental triggering during routine conversations, leading to unanticipated behavior or priority over safer/default handling.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Modifying sys.path at runtime to prepend a hardcoded directory changes Python import resolution globally for this process, allowing modules from that location to shadow expected packages. If an attacker can write to /home/claude/sis or influence its contents, imports such as core.symbol could resolve to malicious code and execute during import, making this a real supply-chain/import-hijack risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal