Plugin Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill openly helps create, package, and publish plugins, and its file, GitHub, packaging, and OpenClaw installer behaviors match that purpose.

Install this only if you want an agent to help create or publish plugins. Before allowing it to run commands or generated scripts, review the target repo, branch, visibility, files to be packaged, installer contents, and OpenClaw workspace path; avoid putting secrets into generated plugin files, memory, or data folders.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill instructs the agent to run shell commands for repo creation, git operations, zipping, and install-script execution, but it does not declare permissions or clearly constrain when those actions may occur. In an agent environment, hidden or implicit shell capability increases the chance of unauthorized filesystem and repository modification because reviewers and users cannot easily tell that execution-level actions are in scope.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger guidance is extremely broad, including cases where the user merely says 'plugin' in the context of creation or distribution. Over-broad auto-activation can route unrelated requests into a high-impact skill that performs file, packaging, and repository operations, increasing the risk of accidental execution and unintended side effects.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill includes instructions to clone repositories, create repos, copy files, commit, push, and package artifacts without a mandatory user-facing warning or explicit consent checkpoint. In a plugin-publishing context, these are high-impact actions affecting source control, local files, and distribution artifacts, so omission of confirmation materially raises the risk of unauthorized or premature changes.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The template explicitly states that 'Everything the agent can do is described in AGENTS.md, and the user triggers it through natural conversation,' but it does not require explicit activation phrases, confirmation gates, or scope checks. In a plugin-publishing workflow that can scaffold files, generate install scripts, and potentially push to GitHub, overly broad conversational triggering increases the chance of unintended high-impact actions being initiated from ambiguous user input or prompt injection embedded in surrounding content.

VirusTotal

66/66 vendors flagged this skill as clean.