Openclaw Sentry

Security checks across malware telemetry and agentic risk

Overview

This is a local secret scanner, but it also includes under-documented commands that can rewrite, move, and quarantine workspace files.

Install only if you are comfortable with a tool that can inspect sensitive workspace files. Prefer scan, check, and status with an explicit --workspace path. Avoid redact, quarantine, defend, and protect unless you have reviewed the script and have backups, because those commands can rewrite files, move files, and change repository metadata.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill is user-invocable and clearly describes scanning arbitrary workspace files for secrets, which implies broad file-read access and likely environment access, yet it declares no permissions. This creates a transparency and least-privilege problem: users and enforcement systems may not realize the skill can inspect sensitive files and potentially write reports or artifacts, increasing the chance of overbroad data exposure.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding: The script has broad write-capable access across the workspace: it can rewrite files during redaction, move files into quarantine, restore them elsewhere, and modify repository policy files like .gitignore and .sentry-policy.json. For a skill framed as a scanner, these destructive and state-changing capabilities materially expand risk because a mistaken invocation or adversarial workspace can cause data loss, concealment of evidence, or unwanted repository changes.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding: The header advertises a secret-scanning utility but also declares capabilities to subvert, quarantine, and defend, and the implementation follows through by auto-redacting files, moving files, and changing repo policy. That mismatch matters because users may authorize the skill expecting passive analysis, while it can perform intrusive modifications that alter or remove workspace content.

VirusTotal

58/58 vendors flagged this skill as clean.
