auto-rollback

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate local rollback helper, but it needs review because its cleanup code trusts a launchd label read from a mutable state file when deleting a launchd plist.

Install only if you are comfortable with a temporary macOS launchd job that can restore ~/.openclaw/openclaw.json and restart Gateway. Before broad use, the publisher should constrain cleanup to the fixed rollback plist label or validate the state file label strictly. After use, check status or remove the rollback plist and helper script if cancellation does not run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation instructs users to execute a shell script, but the skill declares no permissions or shell capability metadata. This creates a transparency and consent problem: an agent or user may invoke shell-backed behavior without an explicit declaration of that risk surface, which is especially important because the skill modifies user configuration and schedules rollback behavior.

Session Persistence

Medium
Category
Rogue Agent
Content
- Backups: `~/.openclaw/openclaw.json.YYYYMMDD-HHMMSS`
- State: `~/.openclaw/state/rollback-pending.json`
- Log: `~/.openclaw/logs/rollback.log`
- launchd plist: `~/.openclaw/ai.openclaw.rollback.plist`

## Agent Rule
Confidence
89% confidence
Finding
plist

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```bash
    plist_file="$OPENCLAW_HOME_DIR/$launchd_label.plist"

    launchctl unload "$plist_file" 2>/dev/null && log "✅ launchd job unloaded" || log "⚠️ launchd unload failed or job already ran"
    rm -f "$plist_file" "$OPENCLAW_HOME_DIR/.rollback_execute.sh" "$STATE_FILE"
    log "✅ Pending rollback cancelled"
}
```
Confidence
87% confidence
Finding
rm -f "$plist_file" "$OPENCLAW_HOME_DIR/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal