Agent Starter Kit

Security checks across malware telemetry and agentic risk

Overview

This is a template-only starter kit, but its default agent rules give a future agent broad background behavior around memory, personal account checks, and pushing changes without clear approval boundaries.

Install only if you are willing to review and edit the templates before starting an agent. Remove or tighten email, calendar, social, heartbeat, memory, and git-push instructions; require explicit approval for external account access and remote changes; and avoid storing secrets or sensitive personal details in persistent memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Missing User Warnings

Low
Confidence
94% confidence
Finding
The skill instructs users to recursively copy template files into a persistent workspace without warning that existing files may be overwritten or merged. In an agent workspace, configuration files such as SOUL.md, USER.md, or AGENTS.md can materially change behavior, so silent replacement can lead to unintended state changes or loss of prior configuration.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The heartbeat section explicitly encourages the agent to proactively check sensitive external services such as email, calendar, social notifications, and weather, then persist check history to local state. Even though the file says not to exfiltrate data, this still normalizes background access to personal data without an explicit per-user opt-in, clear scope limits, or minimization rules, which can violate user expectations and increase privacy risk.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The HEARTBEAT template defines a periodic check workflow but does not constrain when it should run, what resources it may access, or what boundaries apply during autonomous execution. In agent systems, vague recurring-task triggers can lead to unintended repeated actions, excessive data access, or self-initiated behavior outside user expectations, especially if downstream users instantiate the template without adding safeguards.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The instruction to report only 'as needed' is too ambiguous for an autonomous or semi-autonomous agent. This can cause under-reporting of important actions or incidents, or over-reporting noisy events, reducing oversight and making risky behavior harder to detect and audit.

Session Persistence

Medium
Category
Rogue Agent
Content
### Step 1: Copy the templates
```bash
# Create the agent's workspace
mkdir -p ~/.openclaw/workspace/my-agent

# Copy the templates
cp -r ~/.openclaw/workspace/skills/agent-starter-kit/templates/* \
```
Confidence
86% confidence
Finding
```bash
mkdir -p ~/.openclaw/workspace/my-agent

# Copy the templates
cp -r ~/.openclaw/workspace/skills/agent-starter-kit/templates/* \
  ~/.openclaw/workspace/my-agent/
```
### Step 2: Customize each file
#### SOUL.m

VirusTotal

64/64 vendors flagged this skill as clean.
