Tool Master

Security checks across malware telemetry and agentic risk

Overview

This is a markdown-only tool lookup skill, but it gives an agent broad command-selection guidance for destructive, networked, and OpenClaw administrative actions without enough scoping.

Install only if you want a broad command catalog available to the assistant. Require explicit confirmation before any command that deletes or edits files, changes permissions, kills processes, contacts the network, changes Git remotes or pushes, reads OpenClaw sessions/config, changes OpenClaw models/settings/skills, restores backups, restarts services, or sends messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding
The skill is described as a keyword-based tool lookup system, but its mapping exposes destructive, state-changing, and remote-capable commands such as rm, kill, git push, network downloads, configuration changes, and backup restore. In an agent setting, broad lookup metadata can function as action-selection guidance, so including these commands materially increases the chance of unsafe or unintended execution beyond the stated purpose.

Context-Inappropriate Capability

Severity: High
Confidence: 97%
Finding
The file includes guidance for high-risk administrative actions including deletion, process termination, service control, config changes, remote sync, backup restore, and permission changes without justification tied to a simple keyword finder. In a tool-routing context, documenting these actions with easy triggers can normalize or enable privileged operations without sufficient guardrails.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The skill explicitly encourages self-driven and proactive tool use based on broad triggers like repeated, complex, or time-consuming tasks, plus periodic checking and optimization. In an agent setting, this can cause unnecessary command execution, scope creep, and actions not clearly requested by the user, increasing the chance of unsafe or privacy-impacting operations even without overtly malicious intent.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding
The trigger keywords are very broad and overlap with common natural language, which can cause accidental matching and inappropriate tool selection. Even for non-destructive tools, ambiguous routing in an autonomous or semi-autonomous agent increases the chance of the wrong command being proposed or run.

Vague Triggers

Severity: High
Confidence: 98%
Finding
Destructive operations such as file deletion are mapped from generic terms like '删除', '移除', and '清理' with no trigger constraints, making accidental activation plausible. In an agent environment, broad destructive mappings are particularly dangerous because ordinary user phrasing may be interpreted as authorization to perform irreversible actions.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
System and process management triggers such as '监控', '进程', and '杀死进程' are broad enough to match routine troubleshooting language without clear safety boundaries. This can lead an agent to select inspection or termination actions prematurely, including commands that affect running workloads.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
Network-related keywords such as '下载', '请求', and '获取数据' are highly generic and can trigger outbound network tools unexpectedly. In agent workflows, this expands the attack surface to remote content retrieval, data exfiltration, or unintended contact with external systems.

Missing User Warnings

Severity: High
Confidence: 96%
Finding
The document lists high-risk actions such as deletion, process termination, and backup restore without any warnings, confirmation steps, or operational safeguards. Absence of user-facing risk labeling and confirmation increases the likelihood that an agent or operator will treat these actions as routine and execute them unsafely.

VirusTotal

63/63 vendors flagged this skill as clean.