Config Preflight Validator

Security checks across malware telemetry and agentic risk

Overview

This is a purpose-aligned OpenClaw config validator with disclosed schema fetching and only a small local schema cache.

Before installing, confirm you trust the publisher and your local openclaw CLI, install jsonschema from a trusted package source if needed, and expect the validator to query the OpenClaw gateway and cache the schema locally when run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 88%
Finding
The manifest presents the skill as a local validator, but the feature list says it can fetch the latest schema from an external gateway source. This mismatch can mislead users about data flow and trust boundaries, and if the external schema source is compromised or unexpected, validation behavior could be influenced by remote content.

Description-Behavior Mismatch

Medium
Confidence: 84%
Finding
The tool is presented as a local preflight validator, but it reaches out through the OpenClaw CLI to fetch a live schema and writes a cache file under the user's home directory. This creates a behavior mismatch that can leak metadata, alter local state, and violate user expectations about offline or side-effect-free validation.

Context-Inappropriate Capability

Medium
Confidence: 79%
Finding
Including external command execution in a validator increases the attack surface beyond simple local parsing and validation. In this skill context, users would reasonably expect deterministic local checks, so contacting the gateway via CLI is more dangerous because it introduces a hidden dependency, potential information disclosure, and execution of whatever 'openclaw' binary is resolved in the current environment.

VirusTotal

66/66 vendors flagged this skill as clean.
