skill-manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only helper for listing installed OpenClaw skills, with some documentation mismatch but no evidence of destructive behavior, exfiltration, persistence, or credential access.

Install this only if you want a local inventory of OpenClaw skills. Review its output as informational, make sure your local `clawhub` command is trusted, and do not rely on the advertised category or duplicate-detection features as fully implemented.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 93%
Finding: The skill's documented behavior does not match its detected behavior: it reportedly invokes an external command (`clawhub list`) that is not disclosed, while also failing to implement advertised features like duplicate detection and table output. Hidden command execution reduces user visibility into what the skill actually does and can enable unintended system interaction, especially in an agent context where shell execution carries elevated risk.

VirusTotal

66/66 vendors flagged this skill as clean.
