ClawHub

Free Mission Control for OpenClaw AI Agents

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill is purpose-aligned, but the dashboard it directs users to run can read Claude session files, edit persistent agent identity/memory files, run local commands, persist as a service, and optionally sync data to a cloud service.

Install only after reviewing and pinning the external GitHub code you will actually run. Keep the dashboard on localhost or behind strong authentication, use least-privilege GitHub and MissionDeck keys, verify exactly what is read from ~/.claude/projects and what syncs to the cloud, and back up SOUL.md, MEMORY.md, IDENTITY.md, and .mission-control before editing or resetting data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill advertises browser-based editing of sensitive local agent files such as SOUL.md, MEMORY.md, and IDENTITY.md, plus automatic backup on save, without clearly warning that this feature modifies local filesystem contents. In the context of an agent-control dashboard, silent or under-emphasized file modification can lead users to unintentionally alter agent behavior, prompt data, or persistent memory, increasing the risk of integrity loss or misuse if access controls are weak.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation includes destructive reset commands that delete task data and the entire `.mission-control/` directory without any warning, confirmation step, backup guidance, or scope-limiting safeguards. In an agent-oriented operational dashboard, users may copy-paste these commands directly, causing accidental data loss or service disruption.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal