ClawHub

Chen Find Skills

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to find OpenClaw skills, but it can steer broad user requests toward persistent third-party skill installation with a global silent install command.

Review any suggested skill source before installing. Avoid using the `-g -y` install form unless you already trust the publisher and want it installed globally; prefer explicit confirmation, inspect the target SKILL.md, and know how to remove the skill afterward.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The metadata description is broadly phrased around users asking for help or capabilities, which can cause the skill to activate in many loosely related situations. In a skill that can recommend and install third-party packages, overbroad activation increases the chance of unsolicited package discovery or installation suggestions in contexts where the user did not explicitly request supply-chain changes.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The usage conditions include ambiguous prompts like 'how do I do X' and 'can you do X', which are common across many normal requests and do not clearly indicate the user wants external skills. Because this skill directs the agent toward third-party skill discovery and installation, ambiguous invocation can steer users into unnecessary or unsafe supply-chain actions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to run 'npx skills add <owner/repo@skill> -g -y', which both installs globally and suppresses confirmation prompts for third-party code from external sources. This materially increases supply-chain risk, reduces user review, and can persist potentially malicious or untrusted skills across future sessions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal