ORF

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do the ORF news-and-image task it advertises, but it also reads a local OpenClaw config API key and installs unpinned Python packages at runtime without clear user-facing disclosure.

Review this skill before installing if you are not comfortable with it reading a Gemini/Nano Banana API key from your OpenClaw config and installing Python packages during use. Prefer setting `GEMINI_API_KEY` explicitly, verify the dependencies, and treat the generated `./tmp/orf-venv` as runtime setup you may want to remove or rebuild.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3 (Medium)

Category: MCP Least Privilege
Confidence: 94%
Finding:
The skill invokes local scripts and external network access (`python3`, `node`, shell script, and browser fallback) while declaring no permissions, which creates a capability/expectation mismatch. This is dangerous because reviewers and runtime policy systems may not realize the skill can read files, access environment data, or fetch remote content, increasing the risk of unintended data exposure or uncontrolled network activity.

Context-Inappropriate Capability (Medium)

Confidence: 90%
Finding:
The script creates a virtual environment and installs third-party packages from the network at runtime before generating the image. This expands the skill's execution surface beyond simple news retrieval, creates a supply-chain risk if dependencies are compromised, and can lead to unreviewed code execution in environments where users may not expect package installation.

Missing User Warnings (Medium)

Confidence: 82%
Finding:
The script performs package installation and then invokes multiple helper programs without any confirmation, making side effects occur implicitly when the skill runs. In this skill context, users expect a news digest and image generation, not environment modification and dependency fetching, so the hidden install behavior increases operational and security risk.

VirusTotal

64/64 vendors flagged this skill as clean.