high perf orchestration a la oh my codex & gastown

Security checks across malware telemetry and agentic risk

Overview

This instruction-only orchestration skill is coherent and disclosed, but users should scope it carefully because it can coordinate persistent coding workers and use an API key.

Install this only if you intentionally want OpenClaw to coordinate Claude Code or Codex ACP workers for larger coding jobs. Before use, review the ACPX permission setting, keep worker prompts and artifact paths narrow, avoid putting secrets in handoffs or run-state files, protect and rotate any API key used by the gateway, and inspect any referenced helper scripts before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation explicitly recommends configuring the ACPX plugin with `permissionMode: approve-all` for unattended runs, which materially reduces safety controls around automated agent actions. In this skill's context—an orchestration/control-plane setup for delegating coding work to autonomous backends—that setting increases the chance that a worker can perform sensitive file, command, or integration actions without meaningful human review, making misuse or prompt-compromise more dangerous.

Missing User Warnings

Medium
Confidence: 88%
Finding
The document instructs users to place an OpenAI API key in the gateway service environment but does not warn about secret exposure paths such as process inspection, misconfigured logs, inherited environments, or accidental disclosure in support bundles and service definitions. In a multi-backend agent orchestration environment, compromise of that key could enable unauthorized API usage, billing abuse, and access through the codex execution backend.

Missing User Warnings

Medium
Confidence: 92%
Finding
The document explicitly recommends injecting `OPENAI_API_KEY` into the `openclaw-gateway.service` environment to make unattended runs work, but it provides no warning about secret-handling risks, scope minimization, rotation, or exposure through service metadata/logging. In a control-plane/orchestration skill, this is more dangerous than generic documentation because operators may copy the pattern directly into a long-lived shared service, increasing the chance of credential leakage or overbroad access.

VirusTotal

66/66 vendors flagged this skill as clean.
