AI 模型智能管家 (AI Model Smart Steward)

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its stated model-monitoring purpose, but it can also change OpenClaw model routing and run scheduled network collection, with only limited safety controls around either.

Review before installing on any production or shared OpenClaw setup. Only enable the scheduled jobs if recurring external monitoring is acceptable, keep the OpenRouter key least-privileged, and treat approve/reject/deploy/rollback as live configuration changes that can affect routing, cost, and availability.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium · 87% confidence

Finding: The README advertises automated web/API collection, storage into Feishu tables, weekly AI-generated recommendations, and one-click deployment into an OpenClaw fallback chain, but it does not clearly warn about data handling, credential scope, approval boundaries, or the operational risks of changing model-routing configuration. In an agent skill context, operators may therefore enable automation that affects external systems and stores potentially sensitive operational data without understanding the privacy and change-management implications.

Missing User Warnings

Medium · 87% confidence

Finding: The skill description promises automated monitoring, intelligence collection, and scheduled execution against external platforms, but it does not warn users about ongoing network activity or possible collection and processing of remote content. In an agent setting, undisclosed recurring network access increases the risk of privacy leakage, unreviewed data ingestion, and silent background behavior.

Missing User Warnings

Medium · 90% confidence

Finding: The described approval/deployment workflow can modify the model switching chain and affect live routing or deployment behavior, yet the documentation does not warn about the operational impact of those changes. Because this can alter production model selection and downstream behavior, insufficient disclosure raises the risk of accidental outages, unsafe model promotion, or unauthorized configuration drift.

Vague Triggers

Medium · 89% confidence

Finding: The manifest exposes very generic commands such as "daily", "weekly", "history", "approve", "reject", and especially "deploy", which are common words likely to collide with unrelated user intent or with other skills. In an agent environment, ambiguous triggers can cause the wrong skill to activate and potentially initiate sensitive workflows such as approval or deployment without the user clearly intending to invoke this specific tool.

Missing User Warnings

Medium · 86% confidence

Finding: The function silently reads an OpenRouter API key from a local config file and then uses it for outbound requests without explicit user notice or consent at runtime. In an agent/skill context, implicit credential use can surprise users, bypass informed consent, and cause unintended use of a locally stored secret, especially when the module performs network access automatically.

VirusTotal

66/66 vendors flagged this skill as clean.