Openclaw Arbiter

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate local skill auditor, but it also includes under-documented commands that can quarantine or remove installed skills without confirmation.

Install only if you want a local scanner with authority over your skills workspace. Prefer the audit/report/status commands for read-only review, and back up your skills directory before running quarantine, protect, or revoke because those commands can disable or remove installed skills.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding
The skill advertises and facilitates auditing of other installed skills for network, subprocess, file I/O, and environment-variable access, and its documented commands scan a workspace of skills. Those capabilities are plausibly required for its stated purpose, but the metadata declares no permissions, creating a transparency and trust gap: users and hosts may invoke it without understanding that it can read files, inspect environment-related usage, and potentially invoke shell-adjacent analysis logic.

Missing User Warnings

Medium
Confidence: 92%
Finding
The revoke flow permanently removes a skill directory after copying it to a quarantine vault, but it performs no explicit confirmation, dry-run, or safety interlock before destructive deletion. In a tool that operates on workspace-controlled paths and may be invoked by automation, this increases the risk of accidental or unintended deletion of installed skills, especially if the wrong skill name or workspace is supplied.

VirusTotal

53/53 vendors flagged this skill as clean.
