Openclaw Vault

Security checks across malware telemetry and agentic risk

Overview

This is a local credential-audit tool, but it includes under-documented commands that can change permissions and move files.

Review before installing. Use an explicit --workspace, treat output as sensitive, and only run protect, fix-permissions, quarantine, or unquarantine when you intentionally want local files or permissions changed and have a backup or clean version-control state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises and instructs execution of a local Python script that audits workspaces, shell history, git config, log files, and credential files, which implies broad file/system access and possible shell execution, yet the skill declares no explicit permissions. This creates a transparency and least-privilege problem: users and hosting platforms are not given a clear permission boundary for highly sensitive data access.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The scanner reads shell history from the user's home directory, not just the declared workspace. In an agent skill context, this broadens access to highly sensitive secrets outside the project boundary and can exfiltrate credentials from unrelated personal or system contexts.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
Reading ~/.gitconfig extends data access beyond the workspace and may expose embedded credentials or sensitive repository metadata from the user's global environment. In an agent skill, that violates least-privilege expectations because analyzing one workspace should not automatically inspect unrelated personal configuration.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The exposure scan reads shell RC files from the user's home directory, which commonly contain exported secrets, aliases, and tokens unrelated to the workspace. This makes the skill significantly more dangerous because it silently expands from workspace auditing into harvesting sensitive user-environment data.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly states that the skill scans shell history, git config, log files, and credential inventories, all of which can contain highly sensitive secrets and personal data, but it provides no warning about privacy implications, scope, or safe handling of discovered data. In an agent-skill context, this omission is dangerous because users may run the tool against workspaces without understanding that it will inspect and surface sensitive material beyond source code.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README advertises auto-fix permissions, exposure auto-remediation, secure credential injection, and session startup hooks, but does not warn that these features may modify files, permissions, environment state, or startup behavior. This creates a real safety risk because users may enable or trust these capabilities without understanding their side effects, potentially causing unauthorized changes or weakening system stability.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The automated protection flow moves files into quarantine without confirmation when it classifies them as high-risk. In an agent setting, automatic file relocation can break applications, disrupt builds, or cause data loss/confusion if detections are wrong or paths are unexpected.

VirusTotal

64/64 vendors flagged this skill as clean.
