Openclaw Godmode Skill Repo

Security checks across malware telemetry and agentic risk

Overview

This docs-only skill is not malware, but it can direct an agent to make broad code, shell, browser, and GitHub changes with weak activation and approval boundaries.

Install only if you intentionally want a highly autonomous development orchestrator. Use it in trusted repositories, scope GitHub and MCP credentials narrowly, avoid live customer or secret-bearing pages during screenshot testing, and require explicit approval before file writes, shell commands, PR merges, issue closure, releases, tags, CI/CD actions, or any production-like operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 87%
Finding
The README presents highly generic trigger phrases such as 'New Feature', 'Bug Fix', 'API Change', and 'Prepare Release' that can map to common everyday requests, while describing autonomous multi-agent execution and downstream actions like testing, documentation, and GitHub operations. In the context of a skill that explicitly orchestrates multiple agents and external tooling, broad activation language increases the chance that routine user prompts unintentionally invoke impactful workflows.

Missing User Warnings

Medium
Confidence: 91%
Finding
The README emphasizes autonomy, parallel agents, E2E testing, GitHub operations, and even server-administration adjacency, but does not provide equally prominent warnings about the real-world effects these workflows may have on local files, repositories, CI/CD, external services, or production-like environments. The later statement that the skill is 'documentation-only' reduces perceived risk even though the documented purpose is to drive powerful agent/tool actions, which can lead users to underestimate operational impact.

Vague Triggers

Medium
Confidence: 84%
Finding
The skill is framed very broadly as a self-orchestrating development workflow that decides how to act, which increases the chance it will activate on generic developer requests and begin using powerful tools unnecessarily. In a skill with Bash, Write, Edit, WebFetch, WebSearch, network access, credentials, and GitHub tooling, overbroad activation materially raises the risk of unintended code modification, data access, or external operations.

Vague Triggers

Medium
Confidence: 95%
Finding
The start condition 'When the user makes a request' is overly ambiguous and can cause this highly privileged orchestration skill to trigger for almost any user prompt. Given the documented runtime access to local binaries, network, credentials, shell commands, web access, and GitHub operations, accidental activation could lead to broad autonomous actions without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence: 82%
Finding
The tester agent mandates screenshots of every page across multiple viewports but provides no guidance to avoid capturing sensitive or personal data that may appear during authenticated flows. In a multi-agent development workflow, this can lead to inadvertent collection and retention of secrets, PII, internal dashboards, or customer content in local artifacts and reports.

VirusTotal

64/64 vendors flagged this skill as clean.
