OpenClaw Warden Pro

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local security skill, but its recommended automatic protection mode can change workspace files and disable skills without a confirmation step.

Install only if you want a local security tool that can modify your agent workspace. Establish and inspect the baseline first, run `scan`, `verify`, or `full` manually before enabling `protect`, and avoid startup or heartbeat automation until you understand false positives. Treat `.integrity` snapshots as sensitive local copies of workspace files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96%
Finding
The skill advertises shell, file read, and file write capabilities via its documented commands and automated actions, but it does not declare any explicit permissions or safety boundaries. That mismatch is dangerous because consumers may treat it as low-risk metadata while the skill can modify workspace files, rename skill directories, and perform rollback/restore actions that materially change system state.

Missing User Warnings

Medium
Confidence
89%
Finding
The README promotes automated countermeasures such as auto-restore, git rollback, and skill quarantine, but it does not clearly warn that these actions can modify or disable workspace content automatically. In a security tool that is intended to run on session start, this omission increases the risk of unintended destructive changes, loss of legitimate work, or workflow disruption if detections are inaccurate or overly broad.

Missing User Warnings

Medium
Confidence
95%
Finding
The skill recommends automatic protective actions at session startup and periodic heartbeat execution, including restore, rollback, and quarantine operations, without requiring confirmation, dry-run behavior, or strong warnings about false positives. In practice, this can lead to unauthorized or mistaken destructive changes to a workspace, disable legitimate skills, and create a denial-of-service or integrity-loss condition if triggered by benign modifications.

Missing User Warnings

Medium
Confidence
89%
Finding
The restore operation overwrites workspace files immediately from stored snapshots without any user confirmation, safety interlock, or dry-run preview. In a security tool operating on trusted workspace artifacts, this can destroy legitimate work or be abused to force reversion to a stale or attacker-influenced baseline, especially if the baseline itself was established after compromise.

Missing User Warnings

Medium
Confidence
86%
Finding
Quarantine renames skill directories immediately with no confirmation or policy gate, which can disable installed functionality unexpectedly. In the context of an agent workspace security skill, automatic skill disablement changes system behavior and can be abused or triggered by false positives, producing denial-of-service against legitimate skills.

Missing User Warnings

High
Confidence
96%
Finding
`protect` performs automated countermeasures that overwrite critical files and quarantine skills based on heuristic findings, with no explicit user approval. In this skill's context, that is more dangerous because the tool is positioned as a security authority over the whole workspace; a false positive, poisoned baseline, or adversarially crafted file can cause destructive rollback and broad denial-of-service across the agent environment.

VirusTotal

66/66 vendors flagged this skill as clean.
