Skill Finder Cn

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward ClawHub skill search and installation helper, with the main risk being that installing recommended skills changes the user's OpenClaw environment.

Use it for ClawHub skill discovery, but inspect any recommended skill before installing it. Only approve `clawhub install` for a specific skill you trust, because installed skills remain available to your OpenClaw agent after the current task.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 91% confidence
Finding
The trigger phrases are broad enough to match common user requests about finding tools or getting help, which can cause the skill to activate outside its intended niche. In a skill that can search for and install other skills, overbroad activation increases the chance of unintended execution paths and exposure to unreviewed third-party content.

Vague Triggers

Medium, 93% confidence
Finding
The usage examples define activation through open-ended natural-language requests without requiring explicit mention of ClawHub or skill installation, making invocation ambiguous. Because this skill recommends and installs external skills, ambiguous activation can lead to accidental tool use and a wider attack surface via discovery of potentially unsafe third-party skills.

VirusTotal

64/64 vendors flagged this skill as clean.
