码虫 (Machong) Daily Report Catch-Up System

Security checks across malware telemetry and agentic risk

Overview

This daily-report skill is mostly purpose-aligned, but it can silently modify a hardcoded local workspace and includes broad OpenClaw skill install/update/uninstall controls.

Review and edit the hardcoded workspace paths before running. Use --detect for a read-only missed-report check; do not assume --quiet is read-only. Avoid skills.sh unless you explicitly want this package to manage installed OpenClaw skills, and prefer naming a specific skill for updates instead of running a broad update.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill exposes a general-purpose skill search/install/update interface that is broader than the stated daily-report catch-up purpose. In an agent environment, this expands the capability surface from local report maintenance to acquiring or modifying other skills, which can enable unreviewed code or prompt content to enter the system.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation advertises automatic catch-up generation and file-copy creation without clearly warning that the skill may create or modify report files. In automated or semi-automated agent use, this can lead to silent filesystem changes, fabricated historical entries, or unintended overwrites if operators assume the commands are read-only.

Missing User Warnings

Medium
Confidence: 79%
Finding
The script automatically creates and modifies multiple files in a fixed workspace, including reports, indexes, logs, reflections, and state, without any confirmation, dry-run default, or path-safety checks. In an agent/automation context, this can cause unintended integrity-impacting changes to user data or overwrite trusted records if run in the wrong environment or with manipulated filesystem links.

VirusTotal

67/67 vendors flagged this skill as clean.
