ClawHub

Multi-Agent Create

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it asks users to provide powerful messaging credentials in chat and creates persistent agent/channel access, so it needs careful review before installation.

Install only if you intentionally want to create a persistent OpenClaw bot connected to an external messaging service. Do not paste production tokens or app secrets into chat; use least-privilege test credentials, store secrets through a protected config or secrets manager, review the generated workspace and gateway config before restart, use a simple safe agent name with no slashes or dots, and revoke or rotate credentials if setup is abandoned or the bot is removed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The documented trigger phrases, such as "Create a new agent" and "Add a bot," are very generic and likely to collide with ordinary user requests. In an agent environment, broad activation language can cause the skill to run unintentionally and initiate agent creation or setup workflows without the user clearly intending to invoke this specific skill.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README states that workspace files are auto-generated and gateway configuration is updated automatically, but it does not warn users that local files and setup state will be modified. This can lead to unexpected persistent changes, misconfiguration, or accidental overwrite of existing agent/workspace data if the skill is invoked without the user's full awareness.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill requests highly sensitive credentials, including bot tokens, app secrets, and service-account information, but provides no secure-handling guidance, masking, or safer collection channel. In an agent/chat context, asking users to paste secrets directly into conversation can cause credential exposure through logs, transcripts, prompt history, or downstream tools.

Ssd 3

High
Confidence
99% confidence
Finding
The skill explicitly tells users to paste secrets such as Telegram bot tokens, Discord tokens, Slack app/bot tokens, and Feishu app secrets directly into the chat. These credentials grant control over bots and integrations and may enable account takeover, message interception, impersonation, abuse of connected workspaces, or persistence if captured from logs or agent memory.

Ssd 3

Medium
Confidence
88% confidence
Finding
Requesting a path to a Google service-account key file on the server is risky because it encourages use of long-lived key material and may expose sensitive filesystem layout or lead the agent to access unintended files if the path is mishandled. In practice, service-account JSON keys are highly sensitive and should be managed through secure identity mechanisms rather than conversational prompts.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal