OpenClaw 成功流程沉淀发布器 / OpenClaw Success Skill Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill can publish generated content externally, but the behavior is disclosed, purpose-aligned, and gated by explicit runtime flags and approval guidance.

Use dry-run first, inspect the generated skill bundle and share_payloads before publishing, remove private workflow details, and only provide scoped ClawHub tokens or webhook URLs for destinations you actually intend to use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill clearly expects access to environment variables, local file I/O, and network publishing, yet it does not declare permissions explicitly. This creates a transparency and governance gap: users or orchestrators may invoke a skill with broader capabilities than they realize, increasing the risk of unintended secret exposure, unauthorized publishing, or unsafe filesystem/network actions.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The activation description is broad enough that the skill could trigger whenever a user discusses turning a workflow into a reusable skill or distributing content, even if they did not intend real publication. In a skill that can generate artifacts and publish to external services, ambiguous trigger boundaries raise the chance of overbroad invocation and accidental data egress.

Natural-Language Policy Violations

Medium
Confidence
78% confidence
Finding
Mandating bilingual sharing output without user choice can cause the skill to transform and expand user content for additional audiences automatically. In a publishing workflow, this increases the risk of sharing sensitive or context-specific information more broadly than intended, especially across external distribution platforms.

Natural-Language Policy Violations

Medium
Confidence
80% confidence
Finding
The explicit rule to generate both Chinese and English sharing copy removes user control over content localization and can broaden dissemination automatically. While not as severe as direct secret leakage, it can still create privacy, compliance, or reputational issues when content is repackaged for multiple audiences without consent.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The skill description is broadly framed to automatically turn 'successful OpenClaw interactions' into reusable skills and publish/share them, but it does not define clear trigger boundaries, approval checkpoints, or content eligibility constraints. In a publishing/distribution skill, overly broad invocation criteria can cause unintended packaging and external dissemination of sensitive, proprietary, or unsafe workflows without sufficient user confirmation.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The default prompt instructs the agent to 'publish to ClawHub, and distribute bilingual posts to configured channels' as a default action, without indicating user opt-in for publication targets or language expansion. This creates a real risk of unauthorized external posting, privacy leakage, and broader amplification of sensitive content because translation and multi-channel sharing increase the blast radius of any mistaken publication.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script can publish generated skill bundles and sharing content to external services based on CLI flags, but it does not present an explicit consent or disclosure checkpoint describing exactly what data will leave the local environment. In this skill's context, the input comes from prior OpenClaw interactions and may contain sensitive operational details, so accidental exfiltration of prompts, workflow traces, evidence, or business data to ClawHub or social/webhook endpoints is a realistic risk.

VirusTotal

66/66 vendors flagged this skill as clean.
