TinkerClaw Subagent Overseer

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local sub-agent monitor, but users should be aware it runs a background process and can expose workspace activity metadata.

Install only if you want a local background monitor for OpenClaw sub-agents. Use the narrowest practical --workdir, omit --voice in shared or sensitive environments, and periodically check or clean /tmp/overseer if you no longer need the daemon.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium, 84% confidence
Finding
The script recursively scans the entire workdir and records recent filenames to infer sub-agent liveness, which exceeds the stated purpose and can expose unrelated project activity. In a multi-user or sensitive repository context, this broad collection can leak filenames and behavioral metadata into /tmp status/log files and optional voice announcements.

Missing User Warnings

Low, 78% confidence
Finding
The skill instructs users to launch a detached background daemon that persists independently and continuously writes status data under /tmp, but it does not prominently warn about ongoing execution, persistence, cleanup, or local artifact creation. In agent environments, this can lead to unnoticed long-lived processes, resource consumption, stale state, or unintended exposure of operational metadata via predictable files in shared temporary storage.

Missing User Warnings

Low, 79% confidence
Finding
The optional voice mode speaks operational details such as agent counts and recently changed filenames, which may disclose sensitive information to anyone nearby. While it requires the --voice flag, there is no additional confirmation, redaction, or warning before announcing potentially private workspace activity.

VirusTotal

64/64 vendors flagged this skill as clean.
