Learning System

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent learning tracker, but its weekly review can aggregate local memory, notes, and code-change history and send a summary through Feishu without clear opt-in or preview controls.

Review this carefully before installing. It is suitable only if you want the agent to read OpenClaw memory and learning notes, create persistent learning records, and potentially send weekly summaries through Feishu. Before enabling review mode, --quick, or cron automation, confirm the Feishu recipient and require manual preview/redaction of the exact message, especially if memory logs or notes may contain private work, customer data, credentials, unreleased research, or sensitive project details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The weekly review flow includes sending a summary via Feishu, but this outbound action is omitted from the manifest trigger and usage hints. That mismatch can cause users or orchestrators to invoke the skill without realizing it may transmit derived content externally, increasing the risk of unintended disclosure.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The skill is presented as a learning-note and knowledge-graph assistant, yet weekly review mode adds outbound Feishu delivery that is not necessary for the core function. This broadens the data flow from local summarization to external sharing, which increases privacy and exfiltration risk if memory logs or review content contain sensitive project or personal information.

Missing User Warnings

Medium
Confidence: 95%
Finding
The instructions say to send a summary via Feishu but give no user-facing warning that information will leave the local environment. Without transparent notice and consent, a user may request a review expecting local summarization while the system performs external transmission of potentially sensitive content.

Missing User Warnings

Medium
Confidence: 94%
Finding
The guide explicitly instructs sending a weekly summary through Feishu, but provides no privacy screening, data minimization, or sensitivity checks before sharing content derived from memory logs, notes, code changes, and research artifacts. In this skill context, the reviewed material may include internal project details, unpublished research, repository activity, or other sensitive operational information, so external transmission can cause unintended disclosure.

Ssd 3

Medium
Confidence: 96%
Finding
This workflow instructs the skill to collect the last 7 days of memory logs, inspect notes and code changes, generate a summary, and then send that summary onward. That creates a concrete data-disclosure path from potentially sensitive internal records to an external channel without clear scoping, minimization, or approval gates, making leakage of confidential development or personal information plausible.

VirusTotal

66/66 vendors flagged this skill as clean.
