Openclaw Skill

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill's behaviour is coherent and disclosed, but users should understand that it creates or reuses a Parliament Game token and sends confirmed labels to an external service.

Install only if you are comfortable with your agent contacting qa.canada-central.com, registering or using a Parliament Game token, fetching Q&A pairs, and sending your confirmed labels plus model attribution to that service. Review each Q&A pair before approving submission, and use a dedicated token if you provide one.
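The conditions above can be enforced mechanically rather than left to the agent's judgement. The following is an added example, not the skill's own code: a pre-flight gate that refuses any destination other than HTTPS to qa.canada-central.com, refuses to run without a dedicated user-supplied token (so no anonymous account is ever registered), and drops every label the user did not explicitly confirm before building the request. Only the host name comes from the page; the endpoint path, the request shape and the PARLIAMENT_GAME_TOKEN variable name are assumptions.

```python
# Added example, not the skill's own code: a pre-flight gate that enforces the
# install conditions stated above before any label leaves the agent.
# Only the host qa.canada-central.com comes from the page; the endpoint path,
# request shape and the PARLIAMENT_GAME_TOKEN variable name are assumptions.
import json
import os
from dataclasses import dataclass
from urllib.parse import urlparse

ALLOWED_HOSTS = {"qa.canada-central.com"}  # the only host the skill is disclosed to contact
TOKEN_ENV = "PARLIAMENT_GAME_TOKEN"        # assumed name of the user's dedicated token


class GateError(Exception):
    """Raised when a submission would violate a disclosed condition."""


@dataclass
class LabelCandidate:
    pair_id: str
    label: str
    proposed_by: str          # "user" or "model": who chose the label
    user_confirmed: bool      # True only after the user reviewed this pair


def load_token(env=None) -> str:
    """Use a dedicated token the user supplied; never register one automatically."""
    env = os.environ if env is None else env
    token = env.get(TOKEN_ENV, "").strip()
    if not token:
        raise GateError(f"{TOKEN_ENV} is unset; refusing to auto-register an anonymous account")
    return token


def check_destination(url: str) -> str:
    """Allow only HTTPS to the disclosed host, so a changed or injected URL is refused."""
    parts = urlparse(url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        raise GateError(f"destination {url!r} is not on the disclosed allowlist")
    return url


def select_confirmed(candidates):
    """Keep only labels the user explicitly confirmed. Model-inferred labels that
    were never reviewed are dropped, which closes the divergence the scanner flags."""
    accepted = [c for c in candidates if c.user_confirmed]
    dropped = [c.pair_id for c in candidates if not c.user_confirmed]
    return accepted, dropped


def prepare_submission(url, candidates, model_name, env=None):
    """Build (but do not send) the request so the user can inspect exactly what
    would leave the machine. Returns (url, headers, body_json, dropped_ids)."""
    url = check_destination(url)
    token = load_token(env)
    accepted, dropped = select_confirmed(candidates)
    body = {
        "labels": [{"pair_id": c.pair_id, "label": c.label, "proposed_by": c.proposed_by}
                   for c in accepted],
        "model": model_name,   # model attribution, which the page says the skill sends
    }
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    return url, headers, json.dumps(body, sort_keys=True), dropped


if __name__ == "__main__":
    # Constructed sample: two reviewed pairs, one the model inferred without review.
    sample = [
        LabelCandidate("q-101", "accurate", "user", True),
        LabelCandidate("q-102", "evasive", "model", True),
        LabelCandidate("q-103", "accurate", "model", False),
    ]
    target, hdrs, body, dropped = prepare_submission(
        "https://qa.canada-central.com/api/labels", sample, "example-model",
        env={TOKEN_ENV: "example-token"})
    print(target, body, "dropped:", dropped)
```

The gate deliberately stops short of sending: the returned body is what a user would review before the agent is allowed to call the network, and `dropped` lists the pairs that would have gone out unreviewed.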

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding
The skill instructs the agent to create an external anonymous account and persist/use an authentication token automatically, which expands behavior beyond simple local assistance into autonomous account lifecycle management. This can cause unauthorized third-party interactions, token handling risks, and unexpected data disclosure or service abuse without clear user consent.

Intent-Code Divergence

Severity: Medium
Confidence: 80%
Finding
The skill states that labels must only be submitted after user review, but later guidance nudges the model to infer the answer itself when uncertain. That contradiction increases the chance the agent will over-automate a crowdsourced judgment workflow, reducing meaningful user oversight and potentially submitting labels the user did not actually approve.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger phrases include very generic requests like "help label Q&A pairs," which could overlap with ordinary user assistance and cause the skill to activate unexpectedly. Because the skill fetches remote content and influences the agent's behavior, overly broad invocation language increases the risk of unintentional routing to this external workflow.

Missing User Warnings

Severity: Low
Confidence: 87%
Finding
The README explains that the skill fetches real Q&A exchanges, but it does not clearly warn users that activation causes retrieval of external data from a remote website/API. This reduces transparency and informed consent, and in the context of an auto-registering skill, makes unexpected network access more concerning.

Vague Triggers

Severity: Medium
Confidence: 81%
Finding
The trigger phrase flagged here is broad enough to match ordinary requests about labeling or analyzing parliamentary questions, which can invoke the skill unintentionally. Unintended activation matters here because the skill performs networked actions and may register accounts or submit labels to an external service.

Vague Triggers

Severity: Medium
Confidence: 78%
Finding
This trigger phrase is ambiguous and not specific enough to the named game or workflow, so normal user requests for help with Q&A analysis could activate the skill accidentally. In context, accidental activation is more concerning because the skill can contact a third-party service and manage tokens.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding
The phrase is everyday language broad enough to overlap with many benign classification requests, creating a realistic risk of unintended invocation. Because this skill is not read-only and can perform authenticated external actions, even low-friction accidental triggering has security and consent implications.
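The four Vague Triggers findings above share one underlying measurement: how many unrelated requests a trigger phrase would match. The following is an added example, not SkillSpector's code, of that check run over constructed input. It tokenizes each trigger, drops filler words, and counts how many benign requests a loose keyword router would route to the skill; a trigger that fires on more than an assumed 10% of them is reported as overly broad. Only "help label Q&A pairs" is quoted from the finding; the other triggers, the benign requests, the 0.6 match threshold and the 10% cutoff are assumptions made for the demonstration.

```python
# Added example, not SkillSpector's code: estimate how broad a trigger phrase is
# by counting how many unrelated, benign requests a loose keyword router would
# match. "help label Q&A pairs" is the trigger quoted in the finding; the other
# triggers, the benign requests and the thresholds are constructed assumptions.
import re

STOPWORDS = {"help", "me", "the", "a", "an", "to", "with", "please", "can",
             "you", "my", "of", "and", "for", "this", "these", "some", "in"}

# Constructed benign requests an agent might receive that have nothing to do with the game.
BENIGN_REQUESTS = [
    "help me label these customer support Q&A pairs for a training set",
    "can you label the sentiment of these tweets",
    "analyze this Q&A transcript from my meeting",
    "write a poem about spring",
    "classify these emails as spam or not",
    "fix the bug in my python script",
    "label Q&A pairs for my chatbot evaluation",
    "summarize this article",
]


def content_tokens(text: str) -> set:
    """Lower-cased word set with filler words removed; '&' is kept so 'Q&A' survives."""
    return {t for t in re.findall(r"[a-z0-9&]+", text.lower()) if t not in STOPWORDS}


def trigger_matches(trigger: str, request: str, threshold: float = 0.6) -> bool:
    """Stand-in for an agent's trigger router: fire when most of the trigger's
    content words appear in the request (threshold is an assumption)."""
    t = content_tokens(trigger)
    if not t:
        return False
    return len(t & content_tokens(request)) / len(t) >= threshold


def breadth_score(trigger: str, benign_requests=BENIGN_REQUESTS):
    """Fraction of benign requests that would wrongly activate the trigger, plus the hits."""
    hits = [r for r in benign_requests if trigger_matches(trigger, r)]
    return len(hits) / len(benign_requests), hits


def assess_triggers(triggers, benign_requests=BENIGN_REQUESTS, max_fraction=0.1) -> dict:
    """Map each trigger to 'overly broad' or 'specific'. The 10% cutoff is an assumption."""
    return {
        trig: ("overly broad" if breadth_score(trig, benign_requests)[0] > max_fraction
               else "specific")
        for trig in triggers
    }


if __name__ == "__main__":
    for trig, verdict in assess_triggers([
        "help label Q&A pairs",
        "play the Parliament Game",
        "label parliamentary Q&A pairs in the Parliament Game",
    ]).items():
        print(f"{verdict:13s} {trig!r} -> matches {breadth_score(trig)[1]}")
```

The quoted trigger fires on a quarter of the constructed benign requests, including an unrelated chatbot-evaluation labeling task, while a trigger that names the game matches none of them. A registry reviewer can run the same check against a larger corpus of real agent requests; the scoring logic is unchanged, only the input grows.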

VirusTotal

0 of 64 vendors flagged this skill; all 64 rated it clean.

View on VirusTotal