ClawHub

OpenClaw Skill Lazy Loader

Security checks across malware telemetry and agentic risk

Overview

This is a coherent lazy-loading template and local recommendation helper with no evidence of hidden data access or unsafe automation.

Reasonable to install if you want lazy skill loading. Review the AGENTS.md changes before merging them, keep SKILLS.md limited to trusted skill paths, and treat the helper’s keyword recommendations as advisory rather than authoritative.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
70% confidence
Finding
Without declared permissions the skill's intent is opaque and cannot be validated.

Hidden Instructions

High
Category
Prompt Injection
Content
# SKILLS — Available Skills Catalog

<!--
This is your agent's skill index. Load this file at session start (it's lightweight).
Load individual SKILL.md files only when a task actually needs them.
Part of: OpenClaw Skill Lazy Loader (clawhub install openclaw-skill-lazy-loader)
Confidence
70% confidence
Finding
<!-- This is your agent's skill index. Load this file at session start (it's lightweight). Load individual SKILL.md files only when a task actually needs them. Part of: OpenClaw Skill Lazy Loader (cla

Self-Modification

High
Category
Rogue Agent
Content
cp ~/.openclaw/skills/openclaw-skill-lazy-loader/SKILLS.md.template ~/my-agent/SKILLS.md
cp ~/.openclaw/skills/openclaw-skill-lazy-loader/AGENTS.md.template ~/my-agent/AGENTS.lazy.md

# 3. Edit SKILLS.md — fill in your actual skills
# 4. Merge AGENTS.lazy.md into your AGENTS.md
# 5. Test with context_optimizer.py
python3 ~/.openclaw/skills/openclaw-skill-lazy-loader/context_optimizer.py recommend "your next task"
Confidence
85% confidence
Finding
Edit SKILL

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal