Openclaw Marshal

Security checks across malware telemetry and agentic risk

Overview

This is a local security auditing tool, but it includes under-documented enforcement commands that can rename installed skills and overwrite policy files without an explicit confirmation step.

Install only if you want a local compliance tool with active enforcement capabilities. Use audit/check/report/status for read-focused review, and run enforce, protect, quarantine, or templates only after backing up the workspace and confirming you are comfortable with skills being renamed or policy files being replaced.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation exposes shell execution plus environment, file read, and file write capabilities, but the manifest does not declare any permissions or equivalent safety metadata. This creates a transparency and governance gap: users or policy engines may underestimate what the skill can do, increasing the chance of unsafe invocation in sensitive workspaces.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The enforce flow automatically renames skill directories into quarantine when critical findings are detected, without confirmation, dry-run mode, or rollback safeguards. In an agent skill context this can unexpectedly disable installed skills and disrupt workspace operation if findings are triggered incorrectly or by policy misconfiguration.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
Applying a template overwrites the active policy immediately after an optional backup, with no interactive confirmation or explicit overwrite flag. This can silently replace security policy and alter enforcement behavior across the workspace, weakening controls or causing unintended quarantines.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The protect command auto-creates and writes a default policy when none exists, changing workspace state without consent. In a security tool this is risky because it can impose unintended policy decisions and trigger enforcement actions based on defaults the operator never reviewed.
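The overview's advice to back up the workspace before running enforce, protect, quarantine or templates, and the three findings above about enforce renaming skill directories, templates overwriting the policy and protect writing a default policy, all point at the same missing control: no dry run, no confirmation, no rollback. The following POSIX shell wrapper is an added example, not code from the Openclaw Marshal skill, that supplies that control from the outside. It takes a full tar backup, snapshots the skill directory names and the policy file, runs whichever command you pass it, and then reports exactly what changed so an unintended quarantine or policy replacement is visible and reversible. It assumes a hypothetical layout of one skill per directory under `<workspace>/skills/` (the policy filename `.marshal-policy.json` is from the page; the skills layout is not). The `fake_enforce` command in the demo is constructed to simulate the quarantine rename the finding describes; it is not the skill's own enforce command.

```sh
#!/bin/sh
# Guarded runner for workspace-mutating commands (added example, not part of the skill).
# Assumed layout (hypothetical): $WORKSPACE/skills/<name>/ per skill,
# $WORKSPACE/.marshal-policy.json as the active policy (filename from the page).

# Record the things the findings say can silently change: skill directory names
# and the policy contents. Everything is written to one plain-text snapshot file.
marshal_snapshot() {
  ws=$1; out=$2
  {
    echo "## skills"
    (cd "$ws/skills" 2>/dev/null && find . -mindepth 1 -maxdepth 1 -type d | sed 's#^\./##' | sort) || true
    echo "## policy"
    if [ -f "$ws/.marshal-policy.json" ]; then cat "$ws/.marshal-policy.json"; else echo "(absent)"; fi
  } > "$out"
}

# Full backup of the workspace as a tar archive, so a bad enforce/templates run can be rolled back.
marshal_backup() {
  ws=$1; bak=$2
  tar -C "$(dirname "$ws")" -cf "$bak" "$(basename "$ws")"
}

# Roll the workspace back to the backup taken by marshal_backup.
marshal_restore() {
  ws=$1; bak=$2
  rm -rf "$ws"
  tar -C "$(dirname "$ws")" -xf "$bak"
}

# Usage: marshal_guarded_run <workspace> <backup.tar> <command...>
# Backs up, snapshots, runs the command, snapshots again, and writes a unified diff of
# the two snapshots to <backup.tar>.changes. Returns the command's own exit status.
marshal_guarded_run() {
  ws=$1; bak=$2; shift 2
  before=$(mktemp); after=$(mktemp); rc=0
  marshal_backup "$ws" "$bak"
  marshal_snapshot "$ws" "$before"
  "$@" || rc=$?
  marshal_snapshot "$ws" "$after"
  if diff -u "$before" "$after" > "$bak.changes"; then
    echo "no change to skills or policy"
  else
    echo "workspace changed (renamed skills / policy edits); review $bak.changes before accepting, or restore from $bak"
  fi
  rm -f "$before" "$after"
  return $rc
}

# Demo with a constructed workspace and a fake command that behaves like the
# finding describes: it moves a skill into quarantine and rewrites the policy.
demo() {
  tmp=$(mktemp -d)
  mkdir -p "$tmp/ws/skills/weather" "$tmp/ws/skills/notes"
  printf '{"mode":"audit"}\n' > "$tmp/ws/.marshal-policy.json"
  fake_enforce() {
    mv "$tmp/ws/skills/weather" "$tmp/ws/skills/.quarantine-weather"
    printf '{"mode":"enforce"}\n' > "$tmp/ws/.marshal-policy.json"
  }
  marshal_guarded_run "$tmp/ws" "$tmp/backup.tar" fake_enforce
  cat "$tmp/backup.tar.changes"
  marshal_restore "$tmp/ws" "$tmp/backup.tar"
  echo "restored: $(ls "$tmp/ws/skills")"
  rm -rf "$tmp"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it as `sh guard.sh demo` to see the diff for the simulated quarantine, or source it and call `marshal_guarded_run /path/to/workspace /tmp/ws-backup.tar python3 .../marshal.py enforce ...` with the real command. The wrapper never passes flags of its own to marshal.py; it only observes and backs up, which is why it works regardless of which enforcement subcommand is invoked.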

Session Persistence

Medium
Category
Rogue Agent
Content
### Initialize Policy

Create a default security policy file (`.marshal-policy.json`) with sensible defaults.

```bash
python3 {baseDir}/scripts/marshal.py policy --init --workspace /path/to/workspace
```
Confidence
88% confidence
Finding
Create a default security policy file (`.marshal-policy.json`) with sensible defaults.

```bash
python3 {baseDir}/scripts/marshal.py policy --init --workspace /path/to/workspace
```

### Show Policy

VirusTotal

58/58 vendors flagged this skill as clean.