OpenClaw Master Ops

Security checks across malware telemetry and agentic risk

Overview

This is a broad OpenClaw administration skill with powerful but disclosed operations guidance and a local release-tracking helper.

Install this only if you want an assistant to help with high-privilege OpenClaw administration. Review the Python release-tracker before running it, adapt hardcoded paths, avoid exposing secrets or credential directory listings in chat or logs, and require explicit approval before fixes, resets, secret reads or writes, plugin changes, publishing, or scheduled cron jobs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill advertises and documents shell, network, and file-writing behaviors but does not declare any permissions or capability boundaries. In an agent ecosystem, this undermines policy enforcement and informed consent because the skill can trigger high-risk actions without an explicit permission contract.

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The skill description presents itself as a general operations/reference skill, but it also includes operational behaviors such as fetching data from GitHub, reading local files from a hardcoded path, and exporting data. That mismatch can cause an agent or user to invoke the skill in contexts where they do not expect external network activity, local file access, or artifact generation.

Missing User Warnings

Medium
Confidence
69% confidence
Finding
The document lists sensitive and potentially destructive operations such as repair, token generation, secret retrieval, secret setting, and secret deletion in a compact command reference without strong inline warnings or approval guidance. In a high-privilege operations skill, this can normalize risky actions and increase the chance an agent executes them prematurely or without sufficient user awareness.

File System Enumeration

Medium
Category
Data Exfiltration
Content
openclaw channels status <channel>

# 2. Verify credentials exist
ls -la ~/.openclaw/credentials/

# 3. Re-authenticate
openclaw channels auth <channel>
Confidence
72% confidence
Finding
ls -la ~/

Self-Modification

High
Category
Rogue Agent
Content
1. **Run sync** — `python3 scripts/release-tracker.py sync`
2. **Check breaking** — `python3 scripts/release-tracker.py breaking`
3. **Review skill updates** — `python3 scripts/release-tracker.py skill-update`
4. **Update skill if needed** — Edit SKILL.md based on breaking changes
5. **Republish** — `clawhub publish ... --version 1.X.0 --changelog "Updated for OpenClaw <version>"`

### Breaking Change Detection
Confidence
91% confidence
Finding
Update skill

Self-Modification

High
Category
Rogue Agent
Content
1. **Run sync** — `python3 scripts/release-tracker.py sync`
2. **Check breaking** — `python3 scripts/release-tracker.py breaking`
3. **Review skill updates** — `python3 scripts/release-tracker.py skill-update`
4. **Update skill if needed** — Edit SKILL.md based on breaking changes
5. **Republish** — `clawhub publish ... --version 1.X.0 --changelog "Updated for OpenClaw <version>"`

### Breaking Change Detection
Confidence
91% confidence
Finding
Edit SKILL

VirusTotal

67/67 vendors flagged this skill as clean.
