ClawHub

神经元

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it can automatically share prompts and results with unauthenticated local-network peers.

Install only if you intend to share prompts and results with trusted OpenClaw nodes on your local network. Do not use it for secrets, proprietary data, regulated data, or private prompts unless you control every peer; prefer distribute=false for local-only work and avoid exposing the discovery port outside a trusted LAN.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The skill exposes generic import/export of in-memory task data to arbitrary local file paths, which goes beyond the stated purpose of node discovery and task distribution. In an agent environment, this can enable unintended reading of attacker-chosen local files or writing sensitive task contents to attacker-chosen destinations, increasing the risk of data exposure or file clobbering.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill states that user questions are automatically distributed to all discovered nodes, but it does not clearly and prominently warn that user-provided content is transmitted over the local network by default. In a distributed AI setting, this can leak sensitive prompts, credentials, internal data, or regulated information to other instances on the LAN, making the context significantly more dangerous.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill distributes user questions to peer nodes and later broadcasts final results without any user-facing disclosure or consent. In context, this is particularly sensitive because prompts and model outputs may contain private or proprietary data, and the node discovery mechanism accepts peers on the local network without any authentication shown here.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal