Skill Template

Security checks across malware telemetry and agentic risk

Overview

This skill appears local-only, but it is marketed as a skill-template generator while prominently documenting and shipping a persistent local data-log utility.

Install only if you are comfortable with a mixed-purpose skill that includes a local note/log manager. Do not put secrets, tokens, private prompts, or sensitive project details into its commands, because data.log and history.log can retain them locally. Use SKILL_TEMPLATE_DIR to isolate storage, review or delete those files manually, and do not rely on the remove command to purge records.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill documents behavior that reads local files (`data.log`, `history.log`, and `config.json`) and exports their contents, but the manifest does not declare corresponding permissions. This creates a transparency and consent problem: users and hosting systems may not understand that the skill can access persisted local data, increasing the risk of unintended data exposure.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The manifest advertises a skill-template generator, but the documented commands implement a generic persistent data-management CLI with logging, search, deletion, and export features unrelated to template generation. This mismatch is dangerous because users may grant trust based on the stated purpose while the actual behavior collects, stores, and exposes arbitrary local data.

Description-Behavior Mismatch

High
Confidence
96% confidence
Finding
The front matter says the skill generates OpenClaw skill templates, but the body describes a standalone note and record-management tool. Security-relevant documentation inconsistency can mislead reviewers and users about what data the skill handles and what operations it performs, which undermines informed consent and increases the chance of misuse.

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The top-level documentation presents conflicting purposes: a template generator versus a general-purpose data management CLI. Contradictory documentation is a security issue because it obscures the true operational scope, making it harder for users to assess privacy risks around stored entries, command history, and exported data.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The implementation materially diverges from the declared purpose of a skill-template generator and instead provides a generic local logging and item-management CLI. This kind of capability mismatch is dangerous because it defeats user and platform expectations, can conceal undeclared data collection/storage behavior, and makes security review and permission scoping unreliable.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The help text advertises the program as a broad 'Multi-purpose utility tool,' which directly contradicts the narrowly scoped skill description. In a skill ecosystem, misleading documentation increases risk because operators may trust the manifest while the script normalizes broader behavior, masking unexpected storage and command capabilities.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The `remove` command deletes stored entries, but the description does not warn users about the destructive effect or whether deletion is reversible. In a logging/notebook-style tool, this can lead to accidental data loss, especially because the skill is presented as a benign template utility rather than a persistent datastore manager.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation states that every command is recorded in `history.log`, but the static finding correctly notes that the user is not warned about the privacy implications of this behavior. Command history may include sensitive terms, filenames, or secrets passed as arguments, creating an avoidable privacy and data-retention risk.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The `export` command outputs all logged data, but the description does not clearly warn that this may dump sensitive information to stdout, shells, pipelines, logs, or redirected files. In a tool that stores arbitrary user entries and command history, bulk export materially increases the chance of accidental disclosure.

VirusTotal

57/57 vendors flagged this skill as clean.
