Autonomous Agent Toolkit

Security checks across malware telemetry and agentic risk

Overview

This toolkit openly documents what it does: it creates autonomous OpenClaw agent workspaces and optional cron workflows. The riskier examples need careful scoping, but nothing in them shows hidden or malicious behavior.

Install it only if you intentionally want to build autonomous agents with local memory files and scheduled jobs. Before enabling any cron, define the files it may read and write, the accounts it may connect to, approval gates for posting or any other external communication, alert destinations, quotas, sensitive-data redaction rules, and the exact way to disable the cron quickly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The content scheduling cron explicitly instructs the agent to write and schedule posts, which is an external side effect affecting public-facing accounts. In an autonomous-agent toolkit, that is expected functionality, but the documentation omits any warning, approval gate, account-scope restriction, or rate/target validation, which increases the chance of unintended or unauthorized posting.

Missing User Warnings

Severity: Medium
Confidence: 80%
Finding
The daily summary cron sends information to the operator, which creates a data disclosure channel from agent memory and activity logs to another destination. While this may be legitimate for this skill, the instructions do not define what data is allowed to be included, how sensitive content is filtered, or whether the recipient/channel is trusted, so private or excessive information could be transmitted automatically.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The sales monitor cron instructs the agent to access an external API and send alerts, which involves network access and possible transmission of business data. In this toolkit that behavior is contextually normal, but the lack of disclosure about outbound connections, credential handling, data minimization, and alert content makes it easy to deploy unsafe automation that leaks sensitive sales information or overuses integrations.
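The scoping controls the overview and the three findings call for (account-scope restriction and an approval gate for posts, a trusted recipient and redaction for the daily summary, an outbound host allowlist for the sales monitor, plus quotas and a kill switch for all of them) as one policy gate that every cron action passes through before it leaves the agent. This is example code added for this page, not code from the toolkit or from SkillSpector; the policy keys, the `PolicyGate`/`Action`/`Decision` names, the kill-switch path and the sample account, channel and host names are all assumptions, and the actions fed through `demo()` are constructed.

```python
"""Hypothetical policy gate for autonomous-agent cron actions (added example)."""
import os
import re
import time
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed policy the operator writes before enabling any cron. Every
# value below is an assumption for the example, not a toolkit default.
POLICY = {
    "kill_switch_file": "/tmp/agent-cron.disabled",     # touch this file to stop all actions
    "allowed_post_accounts": {"@acme_status"},           # account-scope restriction for posts
    "allowed_summary_recipients": {"ops-channel"},       # trusted destination for summaries
    "allowed_alert_hosts": {"api.example-sales.test"},   # outbound allowlist for alerts
    "approval_required": {"post"},                       # kinds that need a human approval
    "quota_per_hour": {"post": 3, "summary": 1, "alert": 10},
    "max_summary_chars": 2000,                           # data minimization for summaries
    "redact_patterns": [
        r"sk-[A-Za-z0-9]{16,}",        # API-key-like tokens
        r"[\w.+-]+@[\w-]+\.[\w.]+",    # e-mail addresses
        r"\b\d{13,16}\b",              # card-number-like digit runs
    ],
}


@dataclass
class Action:
    kind: str           # "post", "summary" or "alert"
    target: str         # account handle, recipient channel, or alert URL
    body: str
    approved: bool = False  # set by the operator, never by the agent


@dataclass
class Decision:
    allowed: bool
    reason: str
    body: str = ""      # body after redaction and truncation, if allowed


class PolicyGate:
    def __init__(self, policy, now=time.time, kill_switch_active=None):
        self.policy = policy
        self._now = now
        self._history = {}  # kind -> timestamps of allowed actions
        self._kill = kill_switch_active or (
            lambda: os.path.exists(policy["kill_switch_file"]))

    def redact(self, text):
        for pat in self.policy["redact_patterns"]:
            text = re.sub(pat, "[REDACTED]", text)
        return text

    def _over_quota(self, kind):
        limit = self.policy["quota_per_hour"].get(kind, 0)
        cutoff = self._now() - 3600
        recent = [t for t in self._history.get(kind, []) if t > cutoff]
        self._history[kind] = recent
        return len(recent) >= limit

    def evaluate(self, action):
        if self._kill():
            return Decision(False, "kill switch active")
        kind = action.kind
        if kind not in self.policy["quota_per_hour"]:
            return Decision(False, f"unknown action kind {kind!r}")
        if kind == "post" and action.target not in self.policy["allowed_post_accounts"]:
            return Decision(False, f"account {action.target} not in scope")
        if kind == "summary" and action.target not in self.policy["allowed_summary_recipients"]:
            return Decision(False, f"recipient {action.target} not trusted")
        if kind == "alert":
            host = urlparse(action.target).hostname
            if host not in self.policy["allowed_alert_hosts"]:
                return Decision(False, f"host {host} not allowlisted")
        if kind in self.policy["approval_required"] and not action.approved:
            return Decision(False, "awaiting operator approval")
        if self._over_quota(kind):
            return Decision(False, f"hourly quota for {kind} exhausted")
        body = self.redact(action.body)
        if kind == "summary":
            body = body[: self.policy["max_summary_chars"]]
        self._history.setdefault(kind, []).append(self._now())
        return Decision(True, "ok", body)


def demo():
    """Run constructed actions for each of the three crons through the gate."""
    gate = PolicyGate(POLICY, kill_switch_active=lambda: False)
    return [
        # Scheduled post to an out-of-scope account: blocked even though approved.
        gate.evaluate(Action("post", "@ceo_personal", "Big news!", approved=True)),
        # In-scope post without operator approval: held.
        gate.evaluate(Action("post", "@acme_status", "Maintenance at 02:00 UTC")),
        # Same post once approved: allowed.
        gate.evaluate(Action("post", "@acme_status", "Maintenance at 02:00 UTC", approved=True)),
        # Daily summary that leaked a key and an address: redacted before sending.
        gate.evaluate(Action("summary", "ops-channel",
                             "Deployed v2. Key sk-ABCDEFGHIJKLMNOPQRST used by alice@example.com")),
        # Sales alert aimed at a host outside the allowlist: blocked.
        gate.evaluate(Action("alert", "https://evil.example/hook", "orders=42")),
    ]


if __name__ == "__main__":
    for d in demo():
        print(d.allowed, d.reason, d.body)
```

The gate is deliberately fail-closed: an unknown action kind, an unlisted account, recipient or host, a missing approval, an exhausted quota or the kill-switch file each stop the action before any network call, and only the redacted, truncated body is ever returned to the caller. In a real deployment the same checks belong in the tool wrapper the agent calls, not in the prompt, so that a prompt-injected instruction cannot talk the agent around them.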

VirusTotal

63/63 vendors flagged this skill as clean.