OpenClaw Security Audit — BLUF Report

Security checks across malware telemetry and agentic risk

Overview

The skill is a plausible security-audit helper, but its safety claims conflict with instructions that can store reports locally and send sensitive audit results to Telegram.

Review before installing. Use stdout-only unless you intentionally want reports written to local memory or sent through Telegram, and confirm any bot token, chat destination, cron schedule, and report contents because security-audit findings may expose weaknesses in your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

High
Confidence: 98%
Finding
The skill explicitly claims there are no network calls, no credential access, and no data exfiltration, yet later instructs sending audit results to Telegram using environment-derived identifiers and an HTTPS request. This mismatch can mislead operators into approving or automating the skill under false assumptions, causing unintended disclosure of potentially sensitive security-audit data.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The document states the skill is read-only and does not write files, but its default delivery path appends audit output to a memory file. False claims about write behavior can cause users to run the skill in environments where persistence is prohibited, leading to unintended storage of sensitive audit findings.

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The notes claim the skill does not modify settings, but it also recommends a command that creates a cron job, which changes local system state and persistence. Although the cron command is presented as optional scheduling guidance, the mismatch still understates the operational effects of following the skill.

Missing User Warnings

High
Confidence: 99%
Finding
The markdown asserts no network calls or data exfiltration, but later includes Telegram delivery that sends the report off-machine. In a security-audit context, transmitted findings may contain sensitive configuration weaknesses, making deceptive or inaccurate assurances especially risky.

Ssd 3

Medium
Confidence: 95%
Finding
The skill instructs persisting audit results to memory and optionally transmitting them to Telegram despite earlier assurances that nothing leaves the machine. Security-audit outputs frequently contain sensitive findings, so storing or sending full results can increase exposure if logs, memory stores, or chat destinations are not appropriately secured.

VirusTotal

64/64 vendors flagged this skill as clean.
