OpenClaw Use Case Catalog

Security checks across malware telemetry and agentic risk

Overview

This is mainly a use-case catalog, but it also tells the agent to save new research and push it to GitHub without clear user approval.

Install only if you intend the agent to help maintain this catalog. Before use, require confirmation before web research, file writes, commits, or pushes; review diffs and remote destinations; avoid storing private user context in findings; and treat the anti-detection and sensitive-data examples as risky inspiration rather than recommended implementation guidance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Description-Behavior Mismatch

Severity: Medium | Confidence: 92%
The skill is presented as a passive reference catalog, but its instructions expand into file creation, repository modification, and remote publication. That capability mismatch is dangerous because a user invoking a harmless-seeming inspiration skill could unintentionally trigger persistent local changes and outbound pushes to a remote repo.

Description-Behavior Mismatch

Severity: Low | Confidence: 82%
A catalog skill that also instructs the agent to perform live web searching broadens its behavior beyond static reference use. This increases risk of unintended network access, data collection, and surprise behavior when the user expected only curated local content.

Context-Inappropriate Capability

Severity: Medium | Confidence: 95%
Remote git push is not necessary for answering use-case or inspiration questions, yet it enables publication of new content to an external repository. If invoked unexpectedly, this can leak data, create unauthorized changes, or publish low-trust content under the user's org.

Context-Inappropriate Capability

Severity: Low | Confidence: 77%
Mandating creation of bilingual findings files turns a catalog into a content-authoring and persistence tool. While lower severity than remote push, it still creates unrequested local state and can store externally sourced content without clear user consent.

Vague Triggers

Severity: Medium | Confidence: 88%
The trigger phrases are broad and common, which raises the chance this skill will activate in contexts where the user did not intend to use it. Because the skill includes write and push instructions, accidental invocation is more dangerous than for a purely read-only catalog.

Missing User Warnings

Severity: Medium | Confidence: 94%
The skill directs saving findings and pushing changes without any user-facing warning that local files and remote repositories will be modified. This lack of disclosure undermines informed consent and can lead to unauthorized persistence or publication.

Missing User Warnings

Severity: Medium | Confidence: 96%
The embedded bash example normalizes git add/commit/push as routine follow-up behavior without warning about repository mutation or publication. In an agent setting, such examples can be operationalized into real actions that publish content or alter provenance.

Missing User Warnings

Severity: Medium | Confidence: 92%
The catalog explicitly describes logging into Resy by reading SMS 2FA codes and intersecting both partners' calendars, which involves highly sensitive authentication and personal scheduling data. Even though this is presented as a use case rather than executable code, normalizing this workflow without any warning, consent boundary, or data-handling guidance can encourage unsafe deployments that expose private messages, account credentials, and third-party personal data.

Missing User Warnings

Severity: Medium | Confidence: 90%
This section describes continuous scanning of text messages every 15 minutes and taking automatic calendar actions based on message contents, but provides no warning about privacy implications or risks of misinterpreting personal communications. In agent-skill context, this is more dangerous because it promotes persistent monitoring of a sensitive communication channel and automated downstream actions that may leak, store, or act on intimate data without adequate user awareness or safeguards.

Missing User Warnings

Severity: Medium | Confidence: 92%
This section proposes collecting and analyzing WeChat group exports, email lists, and Signal activity to identify inactive members and suggest outreach, but the privacy warning appears only later in the document rather than as an upfront constraint in the use case itself. Because it involves personal communications and behavioral profiling across platforms, operators could deploy it without adequate consent, minimization, or anonymization safeguards, creating a real privacy and compliance risk.

Missing User Warnings

Severity: Medium | Confidence: 86%
The document promotes a health-data integration that combines Oura Ring data with calendar, appointments, and gym schedules, but it provides no privacy, consent, retention, or security cautions. In a skill that serves as inspiration and guidance for OpenClaw use cases, this omission can normalize handling sensitive personal data and messaging workflows without safeguards, increasing the chance that downstream users build insecure automations.

Natural-Language Policy Violations

Severity: Medium | Confidence: 96%
This entry explicitly describes using AppleScript to control a real logged-in Chrome instance in order to bypass Reddit's `navigator.webdriver` detection, and frames that behavior as a practical production technique. Even though this is presented as a cataloged use case rather than executable code, it normalizes anti-detection evasion for automated posting and can encourage policy-violating or abusive automation against third-party platforms.

Natural-Language Policy Violations

Severity: Medium | Confidence: 97%
The summary section repeats the detection-evasion tactic as a key discovery and calls it a 'production-tested technique,' which elevates the guidance from mere reporting to implicit recommendation. In a skill intended to inspire OpenClaw use cases, this increases the chance that users adopt stealth automation methods to evade platform safeguards, facilitating spam, account abuse, or terms-of-service violations.

VirusTotal

66/66 vendors flagged this skill as clean.