Encrypted File Writer

Security checks across malware telemetry and agentic risk

Overview

This skill is a broad local file writer: it writes ordinary files while overstating its support for encrypted or protected files.

Install only if you intentionally want an agent to create, overwrite, and append local files. Do not assume this skill encrypts files or enforces enterprise protection policies. Keep backups before use, and avoid writing to sensitive configs, scripts, shell profiles, and .env files unless the write is explicit and reviewed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Severity: High
Confidence: 99%
Finding:
The skill markets itself as writing to encrypted/protected files in enterprise environments, but the implementation only performs normal filesystem writes and creates ordinary ZIP-based Office files. This can cause users or higher-level agents to trust the tool with sensitive data under the false assumption that encryption or policy enforcement is being applied, leading to plaintext storage of confidential content.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding:
The CLI exposes an --encoding option and documentation promises configurable encoding, but text writes always call content.encode('utf-8') and ignore the user-supplied encoding parameter. In security-sensitive workflows this can corrupt logs, policies, scripts, or configuration files, causing silent failures or unsafe misconfiguration while users believe the requested encoding was honored.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The activation phrases are broad enough to trigger on routine requests like 'save file' or 'create file,' which increases the chance that an agent invokes this skill unexpectedly in unrelated contexts. In a file-writing skill, over-broad triggering is risky because it can cause unreviewed file creation or modification, especially when the skill advertises support for protected or enterprise-managed files.

Known Vulnerable Dependency: openclaw==1.0.0 (10 advisories): CVE-2026-32064 (OpenClaw's andbox browser noVNC observer lacked VNC authentication); CVE-2026-32006 (OpenClaw has a BlueBubbles group allowlist mismatch via DM pairing-store fallbac); CVE-2026-41913 (OpenClaw: Concurrent async auth attempts can bypass the intended shared-secret r) +7 more

Severity: High
Category: Supply Chain
Confidence: 92%
Finding:
openclaw==1.0.0

VirusTotal

64/64 vendors flagged this skill as clean.
