SkillChain

Security checks across malware telemetry and agentic risk

Overview

SkillChain is a disclosed, user-run tool for inventorying local OpenClaw skills, with privacy considerations around saved local metadata and optional online enrichment.

Install only if you want local skill inventory and dependency reports. Run scans against directories you intend to inspect, avoid broad private folders, skip the enrich command if you do not want skill names sent to ClawHub, and remember that the generated graph stores local skill metadata and paths until removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding: The skill advertises and instructs use of filesystem reads, graph writes, shell execution, and optional network enrichment, but it does not declare any explicit permissions. That mismatch can bypass user/operator expectations and weakens least-privilege controls, especially because the documented workflow includes scanning local directories, writing to `memory/skillchain/graph.jsonl`, invoking `npm root -g`, and contacting clawhub when online.

Missing User Warnings

Medium
Confidence: 91%
Finding: The enrichment routine sends locally discovered skill slugs to `https://clawhub.ai/api/v1/skills/{slug}` without any consent prompt, disclosure, or opt-in at the point of use. In a supply-chain auditing skill, local skill inventory may be sensitive metadata, so this creates a privacy and environment-disclosure issue by leaking installed capabilities to an external service.

VirusTotal

65/65 vendors flagged this skill as clean.