ClawHub

Multi Agent Dev Team

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real multi-agent setup skill, but it can make broad persistent OpenClaw configuration changes and has under-scoped logging, cron, and default-team cleanup behavior.

Install only if you intentionally want a persistent OpenClaw multi-agent team. Prefer named teams, back up and inspect ~/.openclaw/openclaw.json before and after setup, review allowAgents carefully, and do not enable the weekly optimizer or context logging until you have defined what is collected, where it is stored, who can read it, and how to disable or delete it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs operators to enable per-agent skill usage logging with fields including agent_id, skill_name, timestamp, and context, but it provides no user-facing notice, consent flow, retention policy, or guidance to minimize sensitive data. Because 'context' can contain prompts, code, secrets, or business data, this creates a real privacy and data-governance risk rather than a purely informational concern.

Missing User Warnings

Low
Confidence
87% confidence
Finding
The setup flow says it will 'Auto-update openclaw.json + create workspace' without clearly warning the user that running the wizard will modify configuration and write files on disk. In a skill that changes agent permissions and team configuration, silent or poorly disclosed writes can lead to accidental configuration drift, unintended agent exposure, or user surprise.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal