Sleep

Security checks across malware telemetry and agentic risk

Overview

The skill matches its stated sleep-and-resume purpose, but it gives a persistent hook and autonomous reset flow enough sensitive authority that users should review it before installing.

Install only if you want a persistent workspace hook that can restore saved notes after resets. Require explicit confirmation before running /sleep, do not store secrets or tokens in preview files, review preview contents before reset, and disable the hook when you no longer want automatic context injection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The skill explicitly allows the agent to invoke `/sleep` whenever it subjectively decides a session is 'suitable to end/pause', with no user confirmation, policy boundary, or objective trigger. That autonomy can interrupt ongoing work and force persistence/reset behavior at arbitrary times, which is risky because this skill also writes session state to disk and triggers a reset workflow.

Ssd 3

Medium
Confidence
97% confidence
Finding
The hook reads untrusted content from a workspace file and injects it directly into bootstrapFiles, which will influence future model behavior. Because the preview file can contain arbitrary text, an attacker who can modify that file can persist prompt-injection instructions across sessions, potentially steering the agent into unsafe actions, leaking context, or overriding expected behavior.

Session Persistence

Medium
Category
Rogue Agent
Content
AGENT_SESSION_KEY="agent:main:feishu:group:oc_87d0d49f1f81f9e1b8dd1d5ad5f9ec72"  # Replace with the value obtained in Step 1
PREVIEW_DIR="$HOME/.openclaw/workspace/previews"  # Replace with your workspace path

mkdir -p "$PREVIEW_DIR"

TOKEN="$(cat ~/.openclaw/openclaw.json | python3 -c "import json,sys; c=json.load(sys.stdin); print(c['gateway']['auth']['token'])")"
openclaw gateway call sessions.reset \
Confidence
94% confidence
Finding
mkdir -p "$PREVIEW_DIR" TOKEN="$(cat ~/.openclaw

VirusTotal

66/66 vendors flagged this skill as clean.
