ClawHub

Multi-Perspective Forum

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a prompt-only debate tool, but it proposes recurring LLM-powered audits that may collect and send business metrics and logs without clear scoping or approval controls.

Use this skill manually for strategic debates, or only enable its cron workflow if you are comfortable with recurring LLM-powered audits. Before running it, decide exactly which data sources are allowed, redact sensitive logs or customer data, and make sure you know how to disable any scheduled jobs.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

#
ASI10: Rogue Agents
Medium
What this means

If configured, the skill could continue running audits on a schedule and consuming LLM access after the initial setup.

Why it was flagged

This instructs use of persistent scheduled LLM-enabled runs. The schedule is disclosed, but the artifact does not define user confirmation, expiry, cleanup, or containment for recurring autonomous activity.

Skill content
## Cron

- Monday 9 AM ET: `0 13 * * 1` (leverage audit)
- Friday 9 AM ET: `0 13 * * 5` (retro)

Use OpenClaw cron (needs LLM access), not crontab.
Recommendation

Only create the cron jobs intentionally, require explicit confirmation for setup, document how to disable them, and consider adding an expiry or review period.

#
ASI07: Insecure Inter-Agent Communication
Medium
What this means

Sensitive business metrics, lead information, revenue events, or logs could be included in an LLM prompt more broadly than the user intended.

Why it was flagged

The skill tells the agent to place broad business and operational data into a prompt sent through a spawned model/session, but does not specify redaction, data minimization, allowed sources, retention, or provider data boundaries.

Skill content
Inject `{DATA}` and `{QUESTION}` into this template ... DATA PAYLOAD: {DATA} ... sessions_spawn: ... model: "github-copilot/claude-opus-4.6" ... Resend analytics, lead pipeline counts, revenue/signups, error logs, outreach totals, cron health, cost burn.
Recommendation

Limit inputs to the minimum necessary, redact customer and secret-bearing log data, and require user review before sending audit payloads to the model.