Skill Maker (ChenXi)

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent and not malicious, but it should be reviewed because it can read broad private context and persistently create or update active agent skills without strong approval safeguards.

Install only if you want an agent helper that can create or update other skills. When using it, provide exact source ranges, avoid secrets, require a preview before anything is written under ~/.openclaw/skills, and back up existing skills before replacement.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger list includes broad, common phrases like '写SKILL.md' and '优化技能', which can match ordinary requests that are not explicit consent to invoke a skill that creates or modifies reusable artifacts. In an agent environment, overly broad activation increases the chance of unintended execution paths and can lead to unrequested file generation or workflow changes.

Vague Triggers

Medium
Confidence: 90%
Finding
The testing guidance explicitly encourages matching generic utterances such as '帮我做 X' and '我想把 Y 自动化' without requiring strong contextual checks. This broad matching logic makes accidental invocation more likely, especially because the skill later directs writing outputs into a persistent user directory.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill mandates writing to '~/.openclaw/skills/<skill-name>/SKILL.md' and even describes migration behavior, but it does not require prior user consent or a safety warning about filesystem modification. In practice, this can cause silent persistence of generated content in the user's environment and unexpected overwrites or clutter in a trusted skills directory.

VirusTotal

64/64 vendors flagged this skill as clean.