ClawHub

NadirClaw

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for an LLM routing proxy, but its installer can automatically change OpenClaw routing and leave a background local service running without enough consent or cleanup guidance.

Review before installing. Only run it if you intend to route OpenClaw or other LLM traffic through NadirClaw, trust the upstream `nadirclaw` Python package, and are comfortable with a background local proxy handling prompts. Before use, identify how to stop the service, remove the OpenClaw provider change, and inspect any credential or log storage.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description contains broad activation cues such as reducing LLM spending, routing prompts, optimizing API usage, and setting up related tooling across several providers. This can cause the skill to trigger for ordinary requests that only discuss cost optimization or model usage, increasing the chance that the agent proposes installation, configuration, or service exposure actions the user did not explicitly request.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation recommends `nadirclaw openclaw onboard` and states that it writes NadirClaw as a provider in OpenClaw config with no restart needed, but it does not clearly warn that local configuration files will be modified. In a skill context, this is risky because an agent may perform the step automatically, altering provider routing and future model behavior without informed user consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script starts a long-running background service with nohup and redirects logs to /tmp without any explicit consent, notice about persistence, or instructions for stopping it. In an install script, this changes system state beyond package installation and can surprise users by leaving a listening local service and log file running after the script exits.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal