OpenClaw Three-Manual Generator

Security checks across malware telemetry and agentic risk

Overview

This is a transparent, instruction-only skill for generating local OpenClaw setup manuals, with no hidden code or network behavior found.

Before installing, expect this skill to ask personal preference and workflow questions and then create or update SOUL.md, USER.md, and AGENTS.md. Review the generated content carefully, confirm where files will be written, avoid storing secrets or credentials, and do not approve overwriting existing manuals unless you are comfortable replacing them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The guide tells the agent to write generated files after a simple confirmation, but it does not require a clear warning that local files will be created or could overwrite existing SOUL.md, USER.md, or AGENTS.md. In an agent environment with filesystem access, this can lead to unintended modification or loss of user data because the user may not understand the scope or target path of the write action.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The confirmation prompt asks '要我现在帮你写入文件吗?' but does not explain the impact of the action, such as creating files in the workspace or replacing existing content. This is dangerous because it can obtain nominal consent without informed consent, making accidental destructive file operations more likely.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
Several trigger phrases are broad enough that ordinary conversation about configuring an AI companion could unintentionally activate the skill. In an agent environment, overly generic activation conditions can cause the wrong workflow to run, leading to unwanted collection of user preferences or generation of configuration files in contexts where the user did not explicitly request this skill.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
Quick-mode triggers like '紧急配置' or 'quick setup ai' are especially ambiguous and may match many unrelated conversations. Because quick mode reduces questioning and speeds toward output, accidental activation is more dangerous here: it can produce incomplete or unintended workspace changes with less user scrutiny.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The workflow says it will '写入文件' and generate three manuals, but it does not clearly require explicit user consent, preview, destination disclosure, or overwrite protection before modifying the workspace. In agent systems, silent or poorly disclosed file writes are risky because they can alter project state, overwrite existing documentation, or create trust and auditability issues.

VirusTotal

65/65 vendors flagged this skill as clean.
