ClawHub

safe-update

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate OpenClaw updater, but it makes powerful local changes and has documentation mismatches users should review before running.

Install only if you are comfortable with a skill that can change an OpenClaw source checkout, build and globally install code, copy config/auth-profile backups, and restart the OpenClaw gateway. Run dry-run cautiously because it is not fully non-mutating, review the target directory and branch first, and avoid following the force-push guidance unless you fully understand the remote branch impact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Intent-Code Divergence

Medium
Confidence
86% confidence
Finding
The skill says it must wait for user confirmation before executing, but later advertises a quick script that automatically completes all steps. For a workflow that can rewrite git history, install software globally, and reconfigure a service, this contradiction undermines user consent and can cause destructive actions to occur without the promised confirmation checkpoint.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrases are broad enough that ordinary requests like 'sync source' or 'rebuild' could invoke a skill that performs repository modification, global package installation, and service-impacting operations. Overbroad activation increases the chance of accidental execution of high-impact actions in the wrong context.

Session Persistence

Medium
Category
Rogue Agent
Content
# 2. Backup config files (good practice before update!)
echo "=== Backing up config files ==="
mkdir -p ~/.openclaw/backups
BACKUP_SUFFIX=$(date +%Y%m%d-%H%M%S)

# Backup main config
Confidence
88% confidence
Finding
mkdir -p ~/.openclaw/backups BACKUP_SUFFIX=$(date +%Y%m%d-%H%M%S) # Backup main config cp ~/.openclaw/openclaw.json ~/.openclaw/backups/openclaw.json.bak.$BACKUP_SUFFIX echo "✅ Backed up: openclaw.js

Tool Parameter Abuse

High
Category
Tool Misuse
Content
## ⚠️ Important Warnings

- This script performs **git rebase** and **git push --force** - may lose local changes if not properly committed
- Uses **npm i -g .** for global installation - may require sudo
- Uses **systemctl --user restart** - will restart the OpenClaw service
- **Backup your config before running!** (see below)
Confidence
90% confidence
Finding
git push --force

Tool Parameter Abuse

High
Category
Tool Misuse
Content
## Notes

- **Rebase may cause conflicts** - if conflicts occur, resolve manually and continue
- **Force push** - after rebase, if pushing to fork, use `git push --force`
- **Service reinstall** - will update version in systemd unit file
- **User confirms restart** - Gateway will not restart until you confirm
- **Backup first** - always backup before updating!
Confidence
90% confidence
Finding
git push --force

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal