Gateway Auto-Rollback

Security checks across malware telemetry and agentic risk

Overview

The skill is transparent and locally scoped, but it can automatically touch critical OpenClaw configuration files while its rollback guarantees are unreliable.

Install only if you are comfortable with a Review-level tool modifying OpenClaw configuration, command approvals, and the skills registry. Test it on a non-critical profile first, avoid relying on watch or cron mode as a true pre-change safety net, inspect backups before restoring, and protect or prune ~/.openclaw/backup because old configs may preserve sensitive or outdated permission state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The advertised safety mechanism claims pre-modification backup and validation, but the watcher only notices changes after the file has already been modified and then backs up the new state. If a bad or malicious config is written, the 'backup' may preserve the broken version, causing rollback to fail and undermining the protection users rely on for critical gateway configuration.

Missing User Warnings

Medium
Confidence: 89%
Finding
The manual rollback procedure instructs users to overwrite a live configuration file and restart the gateway without any warning, backup-of-current-state step, ownership/permission preservation guidance, or validation-before-restart step. In an operational setting, this can cause accidental service disruption, rollback to stale or unsafe configs, or loss of the currently working configuration if the selected backup is wrong.

VirusTotal

64/64 vendors flagged this skill as clean.