AgentSentinel Safety Layer

Security checks across malware telemetry and agentic risk

Overview

AgentSentinel is a coherent local guardrail skill with documented local logging and opt-in cloud sync, but users should avoid sending sensitive command details unless they trust the service.

Install this if you want local budget and policy checks. Treat .agent-sentinel/openclaw_events.jsonl as potentially sensitive because it can contain command text, paths, and operational context. Only set AGENT_SENTINEL_API_KEY and run sync if you trust AgentSentinel with those logged events, and use reset deliberately because it clears local accounting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill advertises executable capabilities including environment access, file read/write, and network use, but does not declare permissions to match. That creates a transparency and policy-enforcement gap: operators or hosting platforms may trust the manifest as lower risk than the actual behavior, especially because the skill can read API keys, modify local state, and optionally transmit telemetry to a remote endpoint.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The sync command uploads locally recorded events to a remote API, and those events can contain raw command data and related details. While sync is user-initiated and gated on an API key, the operation itself does not provide a clear just-in-time disclosure of what data will be transmitted, creating a real privacy and data-exposure risk.

Ssd 3

Severity: Medium
Confidence: 97%
Finding: The code stores raw command strings in event logs and then transmits those entries during cloud sync. Commands often contain secrets, file paths, tokens, or sensitive operational context, so retaining and exporting them materially increases exposure if local files or the remote service are accessed by unauthorized parties.

VirusTotal

65/65 vendors flagged this skill as clean.
