Agency Agents Openclaw

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent AI-agent bundle, but its autonomous multi-agent workflow and automatic workspace output retention need user review before installation.

Install only if you are comfortable with an autonomous project workflow. Use it in a dedicated workspace, review planned actions before allowing file, deployment, analytics, sales, finance, legal, or public-content changes, and avoid providing secrets or sensitive customer data unless you have confirmed where outputs are saved and how they can be deleted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Natural-Language Policy Violations

Severity: Medium
Confidence: 89%
Finding: The skill is entirely written in Chinese without offering an alternate language path or documenting a required locale, which can prevent non-Chinese-speaking operators, reviewers, or downstream agents from correctly understanding safety rules, deployment steps, and code examples. In a security context, reduced comprehensibility increases the chance of misuse, misconfiguration, and failure to detect unsafe instructions or implementation flaws.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill explicitly directs collection of user feedback, analytics, A/B testing, and behavior data from the start, but provides no user-facing notice, consent flow, retention guidance, or privacy constraints. In a prototyping context, this is dangerous because speed-first implementation often leads to over-collection of personal or behavioral data without transparency, increasing privacy, compliance, and trust risks.

Natural-Language Policy Violations

Severity: Medium
Confidence: 93%
Finding: The skill is written entirely in Chinese and strongly steers outputs toward Chinese without offering a user-language override or documenting a necessary locale restriction. This can cause user requests, risk signals, requirements, or compliance details to be misunderstood or omitted when users interact in other languages, which is a real quality and safety weakness for a project-management agent.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding: The skill description is broad and lacks explicit activation boundaries, inputs, or trigger conditions, which can cause the agent to over-apply the skill to unrelated contexts or act on sales/Excel data without sufficient scoping. In agent systems, ambiguous routing increases the risk of unintended data access, incorrect automation, and misuse of business-sensitive information.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The quickstart states that Agent output is automatically saved to a workspace path, but it does not warn that prompts and outputs may contain secrets, customer data, credentials, or proprietary code. In an agent skill context, automatic persistence increases the chance of unintended local data retention and later exposure via backups, shared machines, or other tools that read the workspace.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The skill presents itself as an autonomous end-to-end pipeline manager and describes generating plans, architecture, reports, and other deliverables, but it does not warn users that invoking it may create or modify artifacts across a project. In an agent environment, this can lead to unexpected file creation, overwriting of project documents, or unintended workflow changes without informed user consent.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill explicitly advertises fully autonomous operation with no human intervention while coordinating multiple agents and handling retries and decisions automatically. This increases the risk of cascading unintended actions, such as repeated modifications, bad delegation, or propagation of incorrect instructions across agents, especially because no human approval checkpoints or risk warnings are described.

VirusTotal

63/63 vendors flagged this skill as clean.