Security audit

Skill Release

Security checks across malware telemetry and agentic risk

Overview

This is a coherent ClawHub publishing helper that can use your ClawHub login and edit a skill version when you ask it to publish or update a release.

Install only if you want an agent to help publish skills to ClawHub. Run `check` or `--dry-run` first, verify the target directory, slug, version, changelog, and ClawHub account, and use a token or account that holds only the permissions needed for publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill instructs the agent to read and modify local files and execute shell commands (`clawhub`, `npm`) but does not declare any permissions or safety boundaries. This creates a transparency and control gap: users and enforcement systems may not realize the skill can change `SKILL.md`, inspect the workspace, or invoke external tooling that may use sensitive credentials like `CLAWHUB_TOKEN`.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding: The README presents publish and update commands as routine actions without clearly warning that they will modify remote registry state and potentially create or change publicly visible skill versions. In an agentic context, this can encourage users or downstream agents to invoke state-changing operations without sufficient confirmation, increasing the risk of unintended releases or version changes.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The skill instructs the agent to automatically update `SKILL.md` during version updates, but it does not require an explicit warning that a project file will be modified or a separate confirmation immediately before the write. In an agent setting, silent file edits can surprise users, alter source-controlled artifacts, and create integrity or workflow issues if the user expected advisory-only behavior.

Self-Modification

Severity: High
Category: Rogue Agent
Content:
---
name: clawhub-deploy
description: Publish and manage Claude Code skills on ClawHub (clawhub.ai). Use when user wants to "publish skill", "update skill version", "release to clawhub", "clawhub publish", "clawhub update", or manage skill versions on the ClawHub registry.
version: 1.0.0
metadata:
  openclaw:
Confidence: 84%
Finding: update skill

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.