Omnia

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent and not malicious, but it encourages broad, durable agent logging without enough limits on sensitive data retention.

Review before installing. Use it only where persistent agent memory and audit logging are wanted, avoid storing secrets or regulated data, define retention and deletion practices up front, and review the external npm/GitHub package before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 95%
Finding
The skill metadata explicitly says to use the skill not only for concrete persistence tasks but also whenever users mention broad topics like AI safety, agent health, molting, or specific keywords. That creates an over-broad activation surface that can inject persistence, logging, or workflow changes into unrelated conversations, increasing the chance of unnecessary data retention and unintended execution of the skill’s guidance.

Missing User Warnings

Medium
Confidence: 91%
Finding
The document promotes an append-only, immutable audit trail and persistent cross-session storage as a default benefit, but it does not pair that guidance with clear user consent, retention limits, or privacy warnings. In an agent setting, this can cause sensitive prompts, personal data, secrets, or regulated content to be retained indefinitely and later exposed through logs, snapshots, or downstream integrations.

Missing User Warnings

Medium
Confidence: 94%
Finding
The OpenClaw integration guidance says snapshots are stored in the agent workspace for crash recovery, but provides no warning that snapshots may contain sensitive model state, user inputs, decisions, or tokens. Workspace persistence broadens the exposure surface because other tools, sessions, or operators may access those files after the original context has ended.

Ssd 3

Medium
Confidence: 96%
Finding
The quick-start and usage guidance encourages recording everything in an append-only ledger and preserving audit data across sessions. This is a genuine data-retention risk because agents often process confidential user inputs, internal prompts, and action history, and immutable logs make later minimization or deletion difficult.

Ssd 3

Medium
Confidence: 95%
Finding
The integration example instructs agents to append all significant actions to a persistent ledger across sessions, which operationalizes broad collection and long-term storage of agent behavior and potentially user-derived data. In context, this is more dangerous because the skill is specifically designed for continuity and identity persistence, so over-collection is not incidental but built into the recommended deployment model.

VirusTotal

65/65 vendors flagged this skill as clean.
