Openclaw Create Agent

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill is coherent, but it recommends broad agent-spawning permissions and asks users to store Feishu credentials and personal memory files without enough safety guidance.

Review this skill carefully before installing. Prefer an explicit `allowAgents` whitelist instead of `*`, back up and validate `openclaw.json` before restarting the gateway, use Feishu pairing or allowlists, protect app secrets from logs and source control, and avoid storing unnecessary sensitive personal data in memory or diary files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 88%
Finding
The README recommends `subagents.allowAgents: ["*"]`, which grants an agent the ability to discover and spawn any other agent without documenting trust boundaries, privilege separation, or abuse scenarios. In a multi-agent system, this can enable lateral movement, unintended delegation of sensitive tasks, and amplification of a compromised or misconfigured agent's access.

Missing User Warnings

Medium
Confidence: 78%
Finding
The instructions tell users to bind a Feishu account/channel but provide no warning about what data may be exposed, what permissions are granted, or how messages and agent outputs may be shared externally. This can lead to unintentional disclosure of workspace contents, prompts, memory files, or operational metadata to a third-party communication platform.

Missing User Warnings

Medium
Confidence: 87%
Finding
The skill explicitly instructs users to store sensitive personal data such as private diaries and user profiles in the workspace, but it does not provide a privacy warning, retention guidance, or access-control recommendations. In a shared, synced, backed-up, or agent-accessible workspace, this can lead to unintended exposure of highly sensitive information.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill tells users to place Feishu app credentials directly into configuration without warning about secret handling, storage exposure, or rotation. If `openclaw.json` is readable by other users, committed to version control, logged, or copied into prompts, the app secret could be stolen and used to impersonate the bot or access connected integrations.

VirusTotal

66/66 vendors flagged this skill as clean.
