ClawHub

OpenClaw Self Analyzer - 自分析工具

Security checks across malware telemetry and agentic risk

Overview

This local OpenClaw analyzer is not malware, but its included generated hooks can log sensitive conversation, prompt, and memory context if enabled.

Install only if you intend to analyze a local OpenClaw setup and review the generated files before use. Treat the architecture report as heuristic, and remove or narrow the full-context console logging before enabling any generated hook, especially around prompt, LLM submission, and memory stages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The function claims to extract hook points from the target system, but it actually fabricates pre/post/replace hooks for every detected or inferred stage. This can mislead downstream users or tools into believing unsupported interception points exist, causing unsafe architectural decisions, incorrect security assumptions, or failed integrations in a security-sensitive agent environment.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The code says it analyzes tool implementations, but only enumerates markdown files under documentation directories. This creates a false picture of the real tool surface and may cause users to overlook undocumented tools or trust documentation as authoritative implementation inventory.

Intent-Code Divergence

Low
Confidence
88% confidence
Finding
The channel analysis routine is presented as analyzing channel integrations, but it merely lists markdown filenames from docs. In a security review context, this can underreport or misstate actual integrations and produce incorrect trust boundaries or exposure assessments.

Intent-Code Divergence

Low
Confidence
85% confidence
Finding
The extension analysis only lists directory names while implying meaningful analysis of extensions. This is primarily an integrity issue: consumers may overtrust shallow enumeration as substantive analysis, leading to incomplete review or missed extension-specific risks.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The script writes analysis results to a fixed workspace path without runtime confirmation or clear consent handling. In an agent skill context, implicit file writes can leak repository structure, overwrite prior artifacts, or create unexpected persistence that other components may later consume.

Vague Triggers

Low
Confidence
84% confidence
Finding
The manifest registers nine broadly named hooks across nearly every pipeline stage but defines no activation constraints, trigger conditions, or scope limitations. In a hook-based agent system, this creates an unnecessarily wide interception surface where custom code can observe or modify inputs, context, prompts, model submissions, responses, and memory operations, increasing the risk of abuse or accidental data exposure.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The hook logs the entire `context` object before invoking the next stage, which can expose sensitive user data, prompts, tokens, memory contents, or internal metadata to application logs. In a pre-hook for `memory_store`, the context is especially likely to contain user-supplied or persisted memory data, making indiscriminate logging a meaningful privacy and data-leak risk.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The hook logs the entire `context` object, which may contain prompts, user inputs, credentials, tokens, session state, or other sensitive data passed through the agent pipeline. Because this is a generated pre-hook for prompt assembly, the context is especially likely to include high-value conversational or system data, making indiscriminate logging a real information disclosure risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal