Skills Auto Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it can persistently and automatically install other skills, which changes the user's agent environment with broad trust assumptions.

Install only if you want a recurring skill manager that can modify your OpenClaw environment. Before enabling it: set `auto_install_low_risk` and `auto_install_high_risk` to false unless you have reviewed the trust criteria; confirm any cron job schedule; and manually review recommended skills before installation. VirusTotal was still pending and was not used as the basis for this Review verdict.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 89%
Finding
The documentation and example flow say high-risk skills should require confirmation, but the decision logic explicitly allows automatic installation of high-risk skills when `config.auto_install_high_risk` is enabled. In a skill whose purpose is to discover and install third-party skills from a marketplace, this creates a real unsafe path where risky or sensitive skills could be installed without human review.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README promotes automatic installation of 'low-risk' skills but does not explicitly warn that this modifies the user's environment and may install third-party code. In a skill manager context, that omission is security-relevant because users may enable automation without understanding the trust boundary, supply-chain risk, or persistence implications.

VirusTotal

66/66 vendors flagged this skill as clean.