Greg Eisenberg

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only brainstorming and AI business strategy skill whose references discuss powerful agent setups, but it does not install code, request credentials, or perform actions itself.

Safe to install as an instruction-only ideation/style aid. Treat the OpenClaw setup notes as examples, not defaults: avoid giving agents your main browser session or personal credentials, keep confirmation prompts enabled for sensitive actions, use dedicated accounts, and require human approval before posting content or sending messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 93%
Finding: The skill description is broadly scoped to common activities like brainstorming, analyzing opportunities, creating strategies, and discussing AI workflows, which can cause it to trigger in many ordinary conversations. Over-broad invocation increases the chance the agent applies this persona or guidance when the user did not explicitly want it, potentially biasing outputs, overshadowing safer domain-specific skills, or pulling in risky adjacent topics like automation and OpenClaw setups.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The document explicitly promotes a mode that bypasses confirmation prompts, which weakens a core safety control for agent-driven actions. In a course aimed at non-technical users building and deploying with Claude Code, mentioning this feature with only a brief 'use with caution' note normalizes unsafe operation and may lead users to run destructive or over-privileged actions without review.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The document explicitly describes a browser takeover mode that can use the user's existing logged-in sessions, which materially increases the risk of account misuse, data exfiltration, and unintended actions across sensitive sites. Even though it says this method is 'less recommended,' it does not clearly warn that this grants the agent access equivalent to the user on already-authenticated accounts.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding: The content pipeline includes automated posting to multiple social platforms without clearly stating that the system may publish content publicly on the user's behalf. This creates risk of accidental publication, brand damage, or unauthorized actions if prompts, workflows, or connected accounts are misconfigured or abused.

Missing User Warnings

Severity: High
Confidence: 96%
Finding: Stating that the system 'can send WhatsApp messages as Moritz' describes a direct impersonation capability without a strong warning about unintended communication, abuse, or reputational harm. In the context of CRM and messaging integrations, this is especially dangerous because the agent may contact real people using the user's identity and relationship context.

VirusTotal

55/55 vendors flagged this skill as clean.