Skill Quick Index

Security checks across malware telemetry and agentic risk

Overview

This is a local skill lookup helper whose broad keyword matching may give imprecise recommendations, but the artifacts do not show automatic execution, exfiltration, or destructive behavior.

Use this as a discovery aid, not an automatic router. Review any recommended skill before running it, especially suggestions involving messaging, browser automation, configuration, or agent-management capabilities.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill explicitly scans local files under ~/.openclaw/workspace/skills/*/SKILL.md and builds an index, which is a real file-read capability. Because no permissions are declared, the skill understates its access requirements and can read local skill metadata without transparent user consent or policy enforcement. In this context the reads are limited to local skill definitions rather than arbitrary files, which reduces severity, but the undeclared capability is still a legitimate security issue.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill is designed for broad natural-language triggering and routing using wide keywords such as browser, docs, agent, media, and team. That ambiguity can cause unintended skill selection, including invocation of more powerful downstream skills than the user intended, creating a real prompt-routing and overreach risk even though the index itself is not overtly malicious. The risk is heightened because the skill spans many categories and emphasizes broad matching over narrowly scoped activation.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The manifest explicitly promotes a 'wide-trigger' routing behavior, which increases the chance that the skill will activate on broad or ambiguous user requests and influence tool/skill selection beyond what the user intended. In a routing/indexing skill, unclear activation constraints can cause overbroad delegation, accidental invocation of unrelated local skills, and unsafe expansion of the attack surface if other installed skills are sensitive.

Vague Triggers

High
Confidence
96% confidence
Finding
The matching rule explicitly recommends an entire category when any single keyword is present, which creates a very wide trigger surface. Because many category keywords are common words like 'video', 'agent', 'team', 'control', '@', and 'play', normal user requests can unintentionally route into powerful skills, including messaging, browser automation, and system-affecting tools.

Vague Triggers

Medium
Confidence
89% confidence
Finding
Several individual skill triggers use ambiguous everyday terms such as '团队', '学习', '启动', '配置', '声明', '检查', and level labels like 'L0/L1/L2/L3', which are likely to appear in unrelated conversations. This increases the chance of misrouting to the wrong skill, including skills related to configuration changes, agent evolution, or testing, where an accidental invocation could cause unintended side effects.

Session Persistence

Medium
Category
Rogue Agent
Content
# Skill Quick Index

Create and use a fast local index so users can trigger skills with natural language (broad keywords) and still get precise skill routing.

## What this skill does
Confidence
77% confidence
Finding
Create and use a fast local index so users can trigger skills with natural language (broad keywords) and still get precise skill routing. ## What this skill does 1. Scans local skills in `~/.opencla

VirusTotal

64/64 vendors flagged this skill as clean.
