Security audit

China Claw

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only research skill with one off-topic example, but no hidden execution, persistence, or sensitive access.

Reasonable to install for researching Chinese OpenClaw alternatives. Be aware that it includes an unrelated domain filing (备案) example, so verify any regulatory/process guidance independently and prefer this skill only for AI product market research.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill is advertised and named as a narrowly scoped market-research tool for China-based OpenClaw alternatives, but it also includes a separate domain-registration/ICP filing (ICP备案) guidance scenario. That scope expansion can cause incorrect skill routing and make the agent invoke this skill for unrelated regulatory or operational advice, increasing the chance of misleading outputs outside the validated domain.

Vague Triggers

Medium
Confidence: 91%
Finding
The unrelated trigger broadens activation conditions beyond the skill's stated purpose, so user requests about domain filing (备案) could activate a skill intended for AI product comparison. In agent systems, overly broad or mismatched triggers are dangerous because they undermine intent classification and can route users into irrelevant or lower-quality guidance paths.

VirusTotal

63/63 vendors flagged this skill as clean.
