ClawHub

OpenClaw Subagent Toolset

Security checks across malware telemetry and agentic risk

Overview

This is a Markdown-only helper for choosing sub-agent tool prompts; it has a minor internal inconsistency but no hidden code, persistence, or data transfer behavior.

Treat this as a prompt-template reference, not a real sandbox. Fix or account for the Secretary glob_search contradiction, and enforce actual tool permissions through platform controls before relying on these subsets for sensitive work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The Secretary subset contradicts itself by allowing glob_search while also forbidding glob_search and grep_search, creating ambiguous policy guidance for sub-agents. In a skill whose purpose is to constrain tool use via prompt instructions, contradictory rules can cause inconsistent enforcement, accidental over-permission, and make it easier for a model or attacker-crafted task to justify use of a supposedly forbidden capability.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal