AgentLove

Security checks across malware telemetry and agentic risk

Overview

AgentLove appears to be a disclosed conversation-based setup wizard that records choices in memory and does not install software, collect credentials, or contact external services by itself.

Use an explicit trigger like /agentlove when possible, and avoid pasting platform tokens or secrets into chat even though the skill tells users to configure credentials through the OpenClaw console. Be aware that configuration choices may remain in process memory until reset or process restart.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Low
Confidence: 93%
Finding
The header comment promises that conversation data is cleared when the session ends, but the implementation only stores state in a Map keyed by userId and never expires or removes entries automatically. If clearState is not reliably invoked by the caller, conversation data can persist indefinitely for the process lifetime, creating a privacy and data-retention mismatch that may expose prior user workflow data to operators, debugging tools, or future logic errors.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger list contains very broad terms such as '配置', '备份', '结婚', and '进化', which are likely to match ordinary conversation and invoke the skill unexpectedly. In an agent ecosystem, overbroad triggering can hijack unrelated user requests, steer users into an unintended workflow, and increase the chance of social-engineering prompts around configuration steps.

Vague Triggers

Medium
Confidence: 92%
Finding
The command triggers include very generic terms such as "/备份" and especially "/配置", which are likely to overlap with unrelated user actions or other skills. In an agent-routing system, this can cause unintended invocation of the skill, exposing users to confusing flows, unauthorized state changes, or social-engineering opportunities if the skill is triggered in the wrong context.

Vague Triggers

Medium
Confidence: 95%
Finding
The keyword triggers are broad natural-language phrases like "配置机器人", "创建 agent", and "agentlove", which may appear in ordinary conversation and unintentionally activate the skill. Because this skill can initiate backup, configuration, and other workflow actions, accidental invocation increases the risk of misrouting, user confusion, and manipulation through trigger collisions with benign chat content.

Vague Triggers

Medium
Confidence: 84%
Finding
The troubleshooting guidance instructs users to invoke the skill with very generic phrases such as “配置” and “备份,” which are broad enough to match many unrelated conversations. In an agent environment, overly broad triggers can cause unintended activation of this skill during normal user interactions, leading to confused execution flow, accidental access to configuration flows, or invocation of sensitive backup-related behavior without clear user intent.

VirusTotal

66/66 vendors flagged this skill as clean.
