Jason's OpenClaw Security Scanner

Security checks across malware telemetry and agentic risk

Overview

This is a local OpenClaw security scanner whose optional repair actions are disclosed in its documentation. Run repairs deliberately: they change local files and permissions, not just the report.

Install this only if you want a local OpenClaw security scanner. Run the default scan first, prefer --interactive over --fix-all, review any changes to TOOLS.md, AGENTS.md, .gitignore, or permissions, and keep JSON or console reports private because they may reference sensitive configuration values. If credentials are found, rotate and remove them separately; adding a file to .gitignore does not fix an already-exposed secret.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill advertises and instructs use of file reads, file writes, and shell execution, including automatic repair actions, but declares no permissions or capability boundaries. That creates a dangerous mismatch where a caller may invoke a skill with system-modifying behavior without explicit authorization or least-privilege controls.

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding: The skill is presented as a security scanner, but it also includes file-writing and permission-changing remediation paths such as chmod, editing .gitignore, and modifying rule documents. In an agent skill context, that exceeds a read-only audit boundary and can lead to unexpected state changes or unsafe automated remediation when invoked under the expectation of scanning only.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding: The code automatically appends content to TOOLS.md or AGENTS.md to impose operation rules, which modifies agent governance documents rather than merely reporting issues. In a skill ecosystem, silently or semi-automatically changing policy files can alter agent behavior and trust boundaries in ways the caller may not expect.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The trigger phrases are broad generic security terms such as '安全扫描' (security scan) and '权限检查' (permission check), which are likely to overlap with many unrelated user requests. This can cause unintended invocation of a skill that can modify files or permissions, increasing the chance of surprising or unsafe actions in the wrong context.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The skill prominently offers '--fix-all', 'chmod', and file-writing repairs without clearly warning up front that these actions will change system state and configuration files. In a security-themed skill, users may over-trust automated remediation, making silent or poorly explained modifications especially risky.
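The five findings above describe one design defect from several angles: a scan that also rewrites files and permissions, with no declared capability boundary and no up-front warning. The Overview's advice (run the default scan first, prefer interactive repair, keep reports private, rotate secrets separately) is the user-side mitigation. The following is an added example, not the scanner's own code, of how a skill can keep that boundary in code: a read-only scan, a separate plan of proposed changes, repairs applied only through an explicit approval callback, and a redacted report created owner-only. The regexes, the sample `.env` contents and the workspace layout are constructed for illustration; the AKIA value is the documented AWS example-key shape, not a live credential.

```python
"""Added example: a scan/plan/approve split for a file-repairing agent skill.

Constructed illustration, not the scanner's own code. The scan never writes;
state changes exist only as a plan until an approval callback says yes
(default: approve nothing), and the JSON report holds redacted values only.
"""
import json
import os
import re
import stat
import tempfile
from pathlib import Path

# Assumed patterns for the demo; a real detector set is much broader.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "assignment_secret": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[:=]\s*['\"]?"
        r"([A-Za-z0-9/+_\-]{16,})"
    ),
}


def redact(value: str) -> str:
    """Keep enough of a secret to locate it, never enough to reuse it."""
    if len(value) <= 8:
        return "*" * len(value)
    return value[:4] + "*" * (len(value) - 6) + value[-2:]


def scan(root: Path) -> list[dict]:
    """Read-only audit: world-writable files and secret-looking strings."""
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & stat.S_IWOTH:
            findings.append({"kind": "world_writable", "path": str(path),
                             "mode": oct(mode)})
        try:
            text = path.read_text(errors="ignore")
        except OSError:
            continue
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, rx in SECRET_PATTERNS.items():
                for m in rx.finditer(line):
                    hit = m.group(m.lastindex or 0)  # captured value if any
                    findings.append({"kind": "secret", "pattern": name,
                                     "path": str(path), "line": lineno,
                                     "value_redacted": redact(hit)})
    return findings


def plan_fixes(findings: list[dict]) -> list[dict]:
    """Turn findings into proposed actions. Nothing here touches disk."""
    plan = []
    for f in findings:
        if f["kind"] == "world_writable":
            current = int(f["mode"], 8)
            plan.append({"action": "chmod", "path": f["path"],
                         "from": oct(current), "to": oct(current & ~0o022)})
        elif f["kind"] == "secret":
            # Ignoring or deleting the file does not revoke a secret that was
            # already readable; rotation is the fix and it is not automatable here.
            plan.append({"action": "rotate_manually", "path": f["path"],
                         "line": f["line"], "note": "rotate, then remove"})
    return plan


def apply_fixes(plan: list[dict], approve=lambda action: False) -> list[dict]:
    """Apply only approved, machine-applicable actions; return what was done."""
    applied = []
    for action in plan:
        if action["action"] != "chmod" or not approve(action):
            continue
        os.chmod(action["path"], int(action["to"], 8))
        applied.append(action)
    return applied


def write_report(findings: list[dict], out: Path) -> Path:
    """Write the redacted JSON report, created owner-read/write only."""
    fd = os.open(out, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(findings, fh, indent=2)
    out.chmod(0o600)  # O_CREAT's mode does not tighten a pre-existing file
    return out


def demo() -> dict:
    """Constructed workspace: scan it, then contrast dry run with approval."""
    work = Path(tempfile.mkdtemp())
    cfg = work / ".env"
    cfg.write_text('AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n'
                   'token = "tok_live_0123456789abcdefXYZ"\n')
    cfg.chmod(0o666)  # deliberately world-writable for the demo
    findings = scan(work)
    plan = plan_fixes(findings)
    dry = apply_fixes(plan)                            # default: approve nothing
    fixed = apply_fixes(plan, approve=lambda a: True)  # explicit approval
    report = write_report(findings, work / "report.json")
    return {"findings": findings, "plan": plan, "dry_run_applied": dry,
            "applied": fixed, "report": report,
            "mode_after": oct(stat.S_IMODE(cfg.stat().st_mode))}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2, default=str))
```

The approval callback is where an `--interactive` prompt would sit; `--fix-all` is simply `approve=lambda a: True`, and secrets never become an automatic action because the only real fix is rotation.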

VirusTotal

0/64 vendors flagged this skill; all 64 reported it clean. A clean antivirus result addresses malware telemetry only and says nothing about the agentic findings above, which concern undeclared file-writing and permission-changing behavior rather than malicious code.