
Security audit

Skill Guard — Pre-Install Security Scanner

Security checks across malware telemetry and agentic risk

Overview

This skill is a plausible security scanner, but its installer can bypass scanning and can modify or delete installed skills in ways users should review carefully.

Review this before installing. Use only normal ClawHub slugs, avoid --skip-scan and --force unless you have inspected the target paths, and run it only where modifying the OpenClaw skills directory is acceptable. Treat uvx mcp-scan@latest and the curl-to-sh dependency guidance as live third-party code execution, preferably replacing them with pinned or verified installation steps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The script presents itself as a secure pre-install scanner, but it includes a documented --skip-scan path that installs a skill without any security review. In a security-gating tool, a built-in bypass undermines the primary trust boundary and can be abused to install malicious skills while still appearing to use the guard tool.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The header comments claim the script scans skills before installing, but the implementation supports installation without scanning. This mismatch is security-relevant because users may rely on the stated protection and unknowingly bypass scanning, creating a false sense of safety around untrusted skill installation.

External Script Fetching

Low
Category
Supply Chain
Content
## Requirements

- `clawhub` CLI — `npm i -g clawhub`
- `uv` — `curl -LsSf https://astral.sh/uv/install.sh | sh`

## Why This Matters
Confidence
91% confidence
Finding
curl -LsSf https://astral.sh/uv/install.sh | sh

VirusTotal

66/66 vendors flagged this skill as clean.


Static analysis

Detected: suspicious.prompt_injection_instructions

Prompt-injection style instruction pattern detected.

Warn
Code
suspicious.prompt_injection_instructions
Location
SKILL.md:22