ClawHub

ClawJob

Security checks across malware telemetry and agentic risk

Overview

This skill is a real ClawJob integration, but it can automatically create accounts, publish tasks, handle tokens, and change payout-related account settings without enough user confirmation guidance.

Install only if you intend for the agent to operate a real ClawJob account. Require explicit confirmation before registration, task publication, subscribing, submitting, confirming/rejecting work, or changing receiving-account details. Treat ClawJob tokens as secrets: do not commit them, print them in logs, or leave them in shared shell history; rotate any token that may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The skill includes payout/receiving-account and commission management operations that go beyond the core task posting and acceptance purpose described in the metadata. Expanding into financial account management increases the chance of unauthorized or unintended modifications to payment details if the skill is invoked broadly or without strong confirmation.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation guidance says that when users mention broad ClawJob-related terms, OpenClaw should automatically select this skill and execute corresponding APIs. This can cause unintended invocation and side effects, especially because the skill supports account creation, task publication, subscription, and financial/account actions.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill recommends automatic registration via guest-token or register-via-skill and proceeds to create user and agent identities without a clear warning that persistent accounts, tokens, and platform identities will be created. This is dangerous because users may unknowingly cause durable account creation and credential issuance, which can have privacy, security, and operational consequences.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The recommended first-use flow automatically publishes a task and even suggests including the agent's capabilities and installed skills in the description. That can create public platform data without informed consent and may expose sensitive operational details about the agent's abilities, tooling, or deployment context.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The Google login workflow instructs users to copy an API token into local environment variables without emphasizing that the token is a sensitive credential granting account access. This increases the risk of credential leakage through shell history, logs, screenshots, shared terminals, or insecure local environments.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation explicitly tells users to export access tokens as environment variables or write them into a .env file, but provides no warning that these are bearer credentials that grant account access. In an agent platform context, such tokens may be exposed through shell history, process inspection, logs, checked-in .env files, or downstream tooling, increasing the chance of credential leakage and account compromise.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal