openclaw-engineering-harness

Security checks across malware telemetry and agentic risk

Overview

This engineering workflow skill is mostly coherent, but it grants the agent insufficiently scoped authority to persist memory and to run destructive git rollback commands automatically.

Install only if you are comfortable with an agent reading and writing local .claude memory files and running repository-changing git commands. Use it in a clean or backed-up working tree, review memory updates before they are written, and require explicit approval before any git reset, checkout, add, or commit action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The skill advertises very broad implicit trigger phrases such as common engineering requests, which can cause the skill to activate unexpectedly for unrelated prompts. This is dangerous because the skill has write, git, bash, and persistent-memory capabilities, so accidental invocation can expand authority and cause unintended code changes or workflow execution without clear user consent.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill instructs the agent to update `.claude/MEMORY.md` during delivery without clearly warning the user that this is a persistent state change. This is risky because it can silently store prompt-derived preferences or project context that influence future runs, creating persistence, privacy, and prompt-injection amplification concerns.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill explicitly recommends `git reset --hard` as part of a rollback plan without any warning that it irreversibly discards uncommitted local changes. In an agent workflow, this creates a real risk of destructive data loss if the instruction is followed automatically or by an unsuspecting operator.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
This instruction is more dangerous because it says the agent "MUST auto-rollback" using `git checkout -- <files>` or `git reset --hard` when tests fail, encouraging autonomous execution of destructive git commands. That can wipe unrelated user work and makes the risk materially higher in an execution-loop skill that guides agent behavior.

Missing User Warnings

Severity: Low
Confidence: 87%
Finding
The skill tells the agent to use `git add` / `git commit` to seal changes without stating that this mutates repository state and may create unwanted history. While less severe than a hard reset, it still authorizes persistent repository modification that may be inappropriate without user consent.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill explicitly instructs the agent to create or update persistent memory files at the end of a task, but it provides no requirement for user notification, consent, or review before writing. This can cause silent persistence of user data, project details, or incorrect agent-generated 'lessons learned,' which may influence future tasks without the user's awareness.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The checklist explicitly instructs the agent to ask the user for retrospective information and persist the answer into `.claude/openclaw-memory.json`, but it provides no warning, consent flow, retention limit, or guidance on sensitive-data handling. This creates a real privacy and data-governance risk because users may disclose secrets, personal data, or internal details that are then silently written to local storage and potentially reused or exported later.

VirusTotal

67/67 vendors flagged this skill as clean.