
Security audit

safety-kb-import

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate safety knowledge-base import tool, but it can overwrite and delete local database content and its activation scope is broader than the import-only workflow needs.

Install only if you intend to let this skill modify the local safety-review database. Before running imports, back up the SQLite file, verify KB_PATH points to the intended database, review the manifest and document-number matches carefully, and test clause splitting and duplicate checks before executing the import command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill instructs the agent to read local files and environment-dependent paths (for example `~/.openclaw-autoclaw/...` and optional `KB_PATH`) while declaring no permissions. That mismatch weakens policy enforcement and auditability because the platform may not surface or constrain the actual data access the skill expects.

Vague Triggers

Medium
Confidence: 77%
Finding
The trigger list contains broad phrases such as '入库' ("put into the database") and '导入知识库' ("import into the knowledge base") that can match ordinary conversation and cause unintended activation of a write-capable skill. In this context, accidental invocation is more dangerous because the skill performs database imports and updates, potentially overwriting existing regulatory content.

Vague Triggers

Medium
Confidence: 81%
Finding
Stating that the skill should be used for 'any write operation' on the database makes its activation scope overly broad for a powerful write path. That increases the chance the agent routes unrelated or partial user requests into a destructive workflow that can update records and delete/recreate clauses without rollback.
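The precautions listed in the overview (back up the SQLite file, verify KB_PATH, review document-number matches, test clause splitting and duplicate checks before the import runs) and the missing rollback noted in this finding can be implemented as a guard around the write path. The following is an added Python example, not the safety-kb-import skill's own code: the `documents`/`clauses` tables, the manifest shape (`doc_number`, `title`, `text`), the clause-numbering format (`1.`, `2.1.`) and the sample records are all assumptions and will differ from the real skill's schema.

```python
# Added example, not the safety-kb-import skill's own code: schema, manifest
# shape, clause-numbering format and all sample data below are assumptions.
import re
import sqlite3
from contextlib import closing
from datetime import datetime, timezone
from pathlib import Path

SCHEMA = """
CREATE TABLE IF NOT EXISTS documents (doc_number TEXT PRIMARY KEY, title TEXT NOT NULL);
CREATE TABLE IF NOT EXISTS clauses (doc_number TEXT NOT NULL REFERENCES documents(doc_number),
    clause_no TEXT NOT NULL, body TEXT NOT NULL, PRIMARY KEY (doc_number, clause_no));
"""
CLAUSE_RE = re.compile(r"^(\d+(?:\.\d+)*)\.\s+", re.MULTILINE)  # assumed "1. " / "2.1. " markers

def resolve_kb_path(env, expected):
    """Accept KB_PATH only if it resolves to the database you meant to modify."""
    configured = Path(env.get("KB_PATH", expected)).expanduser().resolve()
    if configured != Path(expected).expanduser().resolve():
        raise RuntimeError(f"KB_PATH points at {configured}, expected {expected}")
    return configured

def backup_db(kb_path):
    """Snapshot the live file with SQLite's online backup API before any write."""
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    dst_path = kb_path.with_name(f"{kb_path.stem}.{stamp}.bak.sqlite")
    with closing(sqlite3.connect(kb_path)) as src, closing(sqlite3.connect(dst_path)) as dst:
        src.backup(dst)
    return dst_path

def split_clauses(text):
    """Return (clause_no, body) pairs; empty or repeated numbering is an error."""
    marks = list(CLAUSE_RE.finditer(text))
    ends = [m.start() for m in marks[1:]] + [len(text)]
    clauses = [(m.group(1), text[m.end():end].strip()) for m, end in zip(marks, ends)]
    numbers = [n for n, _ in clauses]
    if not clauses or len(numbers) != len(set(numbers)):
        raise ValueError(f"bad clause numbering: {numbers}")
    return clauses

def plan_import(conn, manifest):
    """Dry run: report which document numbers already exist; writes nothing."""
    existing = {r[0] for r in conn.execute("SELECT doc_number FROM documents")}
    plan = {"new": [], "duplicate": []}
    for entry in manifest:
        plan["duplicate" if entry["doc_number"] in existing else "new"].append(entry["doc_number"])
    return plan

def apply_import(conn, manifest, allow_overwrite=False):
    """Write the whole manifest in one transaction; any failure rolls all of it back."""
    plan = plan_import(conn, manifest)
    if plan["duplicate"] and not allow_overwrite:
        raise ValueError(f"refusing to overwrite existing documents: {plan['duplicate']}")
    conn.execute("BEGIN")  # conn must be opened with isolation_level=None
    try:
        for entry in manifest:
            clauses = split_clauses(entry["text"])
            # delete/recreate runs inside the transaction, so a later failure
            # cannot leave a document stripped of its clauses
            conn.execute("DELETE FROM clauses WHERE doc_number = ?", (entry["doc_number"],))
            conn.execute("INSERT OR REPLACE INTO documents VALUES (?, ?)",
                         (entry["doc_number"], entry["title"]))
            conn.executemany("INSERT INTO clauses VALUES (?, ?, ?)",
                             [(entry["doc_number"], n, b) for n, b in clauses])
        conn.execute("COMMIT")
    except Exception:
        conn.execute("ROLLBACK")
        raise
    return {k: len(v) for k, v in plan.items()}

def _raises(fn, exc):
    try:
        fn()
        return False
    except exc:
        return True

def demo():
    """Constructed run on an in-memory KB (sample data, not real regulatory text)."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO documents VALUES ('GB-0001', 'Existing standard')")
    conn.execute("INSERT INTO clauses VALUES ('GB-0001', '1', 'original clause')")
    manifest = [
        {"doc_number": "GB-0001", "title": "Existing standard (rev 2)",
         "text": "1. Scope\nApplies to all units.\n2. Terms\n2.1. Unit: one item."},
        {"doc_number": "GB-0002", "title": "New standard", "text": "1. Only clause"},
    ]
    broken = manifest + [{"doc_number": "GB-0003", "title": "Bad", "text": "1. a\n1. b"}]

    def clause_count():
        return conn.execute("SELECT COUNT(*) FROM clauses").fetchone()[0]

    out = {"plan": plan_import(conn, manifest)}
    out["refused"] = _raises(lambda: apply_import(conn, manifest), ValueError)
    out["after_refusal"] = clause_count()
    out["rolled_back"] = _raises(lambda: apply_import(conn, broken, allow_overwrite=True), ValueError)
    out["after_rollback"] = clause_count()
    out["applied"] = apply_import(conn, manifest, allow_overwrite=True)
    out["final"] = clause_count()
    return out
```

On a real database the order is `backup_db(resolve_kb_path(os.environ, expected))`, then `plan_import` to show the operator which document numbers would be overwritten, and only then `apply_import` with `allow_overwrite` set deliberately. Because delete and recreate happen inside one explicit transaction, a manifest entry that fails clause splitting (the `GB-0003` case in `demo`) leaves the earlier documents untouched instead of half-replaced.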

VirusTotal

All 62 VirusTotal vendors reported this skill as clean (0/62 detections). A clean antivirus result covers known-malicious code only; it does not address the permission-declaration and trigger-scope issues in the findings above.
