Clawwork

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent with its stated ClawWork automation purpose, but it can run broad agent workflows through local external code, API keys, and temporary files without tight declared scope or controls.

Install only if you intentionally want ClawWork to run professional-task agents from the separate local ClawWork checkout. Review and trust the code at ~/.openclaw/workspace/ClawWork first, use dedicated API keys with spending limits, avoid sensitive task content, and require explicit user approval before running tasks that may execute code, call external services, or touch files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding:
The skill advertises and documents access to environment variables, file paths, and script execution, but does not declare corresponding permissions. That creates a trust and enforcement gap: users or the platform may believe the skill is low-privilege while it can read secrets from `.env`, access local data paths, and write or execute files indirectly via its referenced tooling.

Context-Inappropriate Capability

Low
Confidence: 89%
Finding:
The wrapper mutates import paths and loads a project-wide .env file even though its visible behavior is only to print instructions and list existing data. In an agent-skill context, automatically ingesting secrets and importing from external workspace paths expands trust boundaries unnecessarily and could expose credentials or enable unintended code loading if those paths are modified.

Vague Triggers

Medium
Confidence: 90%
Finding:
The description uses very broad activation language such as executing complex work, generating documents, analyses, and automation for professional tasks. This can cause the skill to be invoked for a wide range of everyday requests, increasing the chance that high-privilege capabilities are triggered in contexts where the user did not intend local file, environment, or code-linked operations.

VirusTotal

66/66 vendors flagged this skill as clean.