ClawGuard

Security checks across malware telemetry and agentic risk

Overview

ClawGuard is a disclosed OpenClaw watchdog that installs a user-level background service and can roll back OpenClaw config, with no evidence of hidden or unrelated behavior.

Install only if you want an always-running OpenClaw watchdog. Review the installer, keep your own known-good OpenClaw config backup, choose notification targets carefully because alerts may include diagnostic details, and disable the user service when you no longer want background monitoring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 90%
Finding
The skill advertises shell execution, file read/write, service installation, and configuration rollback behavior, but the metadata shown in SKILL.md does not declare permissions or prominently scope these capabilities. That mismatch can mislead users and orchestration layers about what the skill is allowed to do, increasing the chance of unexpected system modification or command execution.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill describes automatic backup, rollback, and retry of gateway configuration during restart failures, which is a system-modifying recovery action. Without a clear up-front warning and consent boundary, users may enable behavior that silently alters live service configuration and can revert to older or unintended states.

Missing User Warnings

Medium
Confidence: 92%
Finding
The install instructions state that the skill sets up a persistent user daemon/agent with Restart=always and auto-start on boot, but do not present this as a high-visibility warning or require explicit consent. Persistent background execution expands the attack surface, can survive beyond the immediate task, and may surprise users who expect a one-shot utility.

Missing User Warnings

Medium
Confidence: 94%
Finding
The code forwards gateway status output and journal excerpts directly to the configured notification target. Those diagnostics can contain sensitive paths, tokens, environment details, usernames, hostnames, or internal error context, so this creates an information disclosure channel to whatever target was registered.

Missing User Warnings

Medium
Confidence: 92%
Finding
The installer copies executables into user-controlled locations and sets them executable, then proceeds toward persistent service setup without any explicit consent or clear warning about the scope of changes. Even if intended as a watchdog, silently installing long-lived components in the user's home directory reduces informed consent and can surprise users with background execution and retained artifacts.

Missing User Warnings

Medium
Confidence: 96%
Finding
The script activates persistence immediately via launchd or systemd user service without a dedicated warning that a background process will start automatically on login/session start. This is risky because users may run the installer expecting a one-time setup, not automatic ongoing execution with restart behavior.

VirusTotal

66/66 vendors flagged this skill as clean.
