Agent Council

Security checks across malware telemetry and agentic risk

Overview

This skill is an OpenClaw and Discord administration toolkit, but it can make persistent configuration, workspace, Discord, and cron changes with limited safeguards.

Install only if you intend to give this skill authority to administer OpenClaw agents and Discord channels. Review every generated command before execution, use fresh workspaces, avoid sensitive personal or health data in Discord or agent memory unless you have appropriate controls, and be cautious with channel renames, gateway patches, and cron jobs because they can persist after the initial setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Memory Poisoning: Persistent Context Injection, Context Window Stuffing, Memory Manipulation
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill documents and promotes use of shell commands, file creation/modification, environment variables, and Discord/network operations, but it declares no explicit permissions or constraints. This mismatch prevents informed consent and weakens policy enforcement, making it easy for an agent to perform sensitive actions such as modifying gateway configuration, creating cron jobs, and changing Discord resources without clear guardrails.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script does more than local scaffolding: it persistently modifies gateway configuration, can bind an agent to a Discord channel, and optionally creates a recurring cron job. In an agent-skill context, these are security-relevant control-plane changes that alter future behavior and persistence, so performing them from a convenience script materially increases risk if the script is run with untrusted or mistaken inputs.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The activation guidance is broad enough to trigger on common agent-management or Discord-organization requests, causing this powerful skill to activate in situations where the user may not expect configuration changes or network actions. Overbroad invocation increases the chance of unnecessary exposure to high-impact capabilities and accidental execution of administrative workflows.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script writes SOUL.md and HEARTBEAT.md directly into the supplied workspace using shell redirection, which overwrites existing files without backup or confirmation. If the workspace path is wrong, reused, or attacker-influenced, important configuration or prompt files can be destroyed or replaced, causing integrity loss and potentially changing agent behavior.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script applies a live gateway configuration patch immediately and notes that a restart will happen automatically, with no final confirmation gate. This can cause unintended service disruption, incorrect routing, or persistence of malicious/mistaken agent definitions if an operator runs the script with bad parameters or in the wrong environment.

Memory Manipulation

High
Category
Memory Poisoning
Content
1. **Organize channels in categories** - Group related agent channels
2. **Use descriptive channel names** - Clear purpose from the name
3. **Set specific system prompts** - Give each channel clear context
4. **Document agent responsibilities** - Keep SOUL.md updated
5. **Set up memory cron jobs** - For agents with ongoing work
6. **Test agents individually** - Before integrating into team
Confidence
72% confidence
Finding
clear context

Session Persistence

Medium
Category
Rogue Agent
Content
- **Emoji** (e.g., "🔬")
- **Specialty** (what the agent does)
- **Model** (which LLM to use)
- **Workspace** (where to create agent files)
- **Discord channel ID** (optional)

#### 2. Run Creation Script
Confidence
75% confidence
Finding
create agent file

Session Persistence

Medium
Category
Rogue Agent
Content
- `--emoji` (required) - Agent emoji
- `--specialty` (required) - What the agent does
- `--model` (required) - LLM to use (provider/model-name)
- `--workspace` (required) - Where to create agent files
- `--discord-channel` (optional) - Discord channel ID to bind

**Output:**
Confidence
80% confidence
Finding
create agent file

Session Persistence

Medium
Category
Rogue Agent
Content
- **Emoji** (e.g., "🔬")
- **Specialty** (what the agent does)
- **Model** (which LLM to use)
- **Workspace** (where to create agent files)
- **Discord channel ID** (optional)

#### 2. Run Creation Script
Confidence
75% confidence
Finding
create agent files) - **Discord channel ID** (optional)

#### 2. Run Creation Script

    scripts/create-agent.sh \
      --name "Agent Name" \
      --id "agent-id" \
      --emoji "🤖" \
      --specialty "What

Session Persistence

Medium
Category
Rogue Agent
Content
echo -e "${YELLOW}📅 Memory System${NC}"
echo ""
echo "Would you like to set up a daily memory cron job for $NAME?"
echo "This will create a job that reviews and updates the agent's daily memory file."
echo ""
read -p "Create daily memory cron? (y/n): " -n 1 -r
echo ""
Confidence
87% confidence
Finding
create a job that
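Added example, written for this page and not code from the Agent Council skill or from OpenClaw's own tooling. It shows hardened shell for the three patterns the findings above describe: the unconditional `>` redirection of SOUL.md and HEARTBEAT.md into the supplied workspace, the live gateway patch applied with no confirmation gate, and the daily memory cron job offered behind an interactive `read -p ... -n 1`. The environment variables ALLOWED_ROOT, APPLY and FORCE and the stand-in commands apply_gateway_patch and install_cron are assumptions; the real script's command names are not on this page, and the stand-ins only echo what they would do.

```shell
#!/usr/bin/env bash
# Added example, not the Agent Council script itself. Hardened forms of the
# patterns the findings above describe: unconditional redirection into the
# workspace, a live gateway patch with no confirmation gate, and a cron job
# behind an interactive `read`. Assumptions (not from the page): the
# ALLOWED_ROOT, APPLY and FORCE environment variables, and the stand-in
# commands apply_gateway_patch / install_cron, which only echo what would run.
set -eu

# Canonicalise the workspace and refuse anything outside ALLOWED_ROOT, so a
# wrong or attacker-influenced --workspace cannot point the script at another
# agent's files (or at $HOME). Prints the resolved path on success.
resolve_workspace() {
    local ws root canon
    ws="$1"
    root="$(cd "${ALLOWED_ROOT:?set ALLOWED_ROOT}" && pwd -P)" || return 2
    canon="$(cd "$ws" 2>/dev/null && pwd -P)" || {
        echo "workspace $ws does not exist" >&2; return 2; }
    case "$canon/" in
        "$root"/*) printf '%s\n' "$canon" ;;
        *) echo "workspace $canon is outside $root" >&2; return 2 ;;
    esac
}

# Write one file without clobbering: an existing file is replaced only when
# the force argument is "1" (FORCE=1 in provision_agent), and then only after
# a timestamped backup has been taken.
safe_write_file() {
    local path="$1" content="$2" force="${3:-0}"
    if [ -e "$path" ]; then
        if [ "$force" != "1" ]; then
            echo "refusing to overwrite existing $path (set FORCE=1)" >&2
            return 2
        fi
        cp -p "$path" "$path.bak.$(date +%Y%m%dT%H%M%S)"
    fi
    printf '%s\n' "$content" > "$path"
}

# Gate for control-plane changes (gateway patch, channel bind, cron job).
# A bare `read -p ... -n 1` is not a gate when an agent drives the script
# non-interactively: it just consumes a byte of whatever is on stdin. Proceed
# only on an explicit APPLY=1, or on a full "yes" typed at a real terminal;
# otherwise report the change as a dry run and return non-zero.
confirm_change() {
    local what="$1" ans
    if [ "${APPLY:-0}" = "1" ]; then
        return 0
    fi
    if [ -t 0 ]; then
        printf 'Apply %s? [yes/NO] ' "$what"
        read -r ans
        [ "$ans" = "yes" ] && return 0
    fi
    echo "dry-run: would apply $what (set APPLY=1 to proceed)" >&2
    return 1
}

# Stand-ins for the real gateway and cron commands (hypothetical; only echo).
apply_gateway_patch() { echo "gateway patch: $1"; }
install_cron() { echo "cron: $1"; }

# The hardened provisioning flow: validate the path, write the two files
# without clobbering, then gate each persistent change separately.
provision_agent() {
    local ws id
    id="$2"
    ws="$(resolve_workspace "$1")" || return $?
    safe_write_file "$ws/SOUL.md" "# $id" "${FORCE:-0}" || return $?
    safe_write_file "$ws/HEARTBEAT.md" "# heartbeat for $id" "${FORCE:-0}" || return $?
    if confirm_change "gateway patch for $id"; then
        apply_gateway_patch "$id"
    fi
    if confirm_change "daily memory cron for $id"; then
        install_cron "$id"
    fi
}
```

Source the file and call `ALLOWED_ROOT=/srv/agents provision_agent /srv/agents/research research` (paths are illustrative). With APPLY unset the persistent steps are reported as a dry run and skipped, existing SOUL.md or HEARTBEAT.md files stop the run unless FORCE=1 is set, and a workspace outside ALLOWED_ROOT is rejected before anything is written.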

VirusTotal

0 of 65 antivirus vendors flagged this skill; all 65 reported it clean. VirusTotal engines scan file content for known malware, so a clean result does not cover the agentic risks listed above (persistent gateway, workspace and cron changes made by an otherwise benign-looking script), which only the findings address.

View on VirusTotal