OpenClaw Safety Guard

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it needs review: a tool presented as a safety guard is packaged with mismatched metadata and with unclear handling of user content by third-party services.

Review before installing. Verify the publisher and the actual CLI implementation, resolve the mismatch between the 'summarize' metadata slug and the advertised safety-guard role, and avoid sensitive inputs unless you are comfortable with the configured model and extraction providers receiving the content.

SkillSpector

By NVIDIA
Vulnerability Patterns (categories the scanner checks for)
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch
Severity: High (confidence 95%)
Finding: The skill is presented as a pre-LLM safety guard for analyzing user input, but the documented interface also fetches and processes remote URLs, PDFs, and YouTube content. That scope expansion materially changes the trust boundary: instead of only filtering local user text, it can exfiltrate content to external models and services and ingest attacker-controlled remote content, which is inconsistent with the declared security role.

Context-Inappropriate Capability
Severity: Medium (confidence 91%)
Finding: Advertising Firecrawl and Apify-backed extraction/crawling is not justified by a narrow pre-LLM safety-guard purpose and introduces additional third-party data exposure and remote content ingestion pathways. In a security guard context, these integrations increase attack surface and can cause sensitive prompts or referenced content to be transmitted externally under the guise of safety checking.

Context-Inappropriate Capability
Severity: Medium (confidence 90%)
Finding: Requiring multiple LLM provider API keys and supporting arbitrary model selection is inconsistent with a minimal guard/filter role and implies user content may be routed to external model vendors. In the context of a security guard, that mismatch is dangerous because users may assume local or tightly scoped filtering while their data is actually sent to third parties.

Description-Behavior Mismatch
Severity: Medium (confidence 94%)
Finding: The metadata slug is 'summarize' while the skill is described as a safety/security guard, creating a material identity mismatch. This can cause the wrong skill to be invoked, bypass user/admin expectations, and weaken security review or policy enforcement that relies on metadata consistency.

Vague Triggers
Severity: Medium (confidence 82%)
Finding: The description uses broad wording about analyzing harmful content and security threats without defining concrete invocation boundaries or limitations. For a security-sensitive skill, ambiguous trigger conditions can cause overbroad activation, unnecessary inspection of user data, and misuse in contexts beyond the intended guardrail function.

Missing User Warnings
Severity: Medium (confidence 94%)
Finding: The documentation lists multiple API keys, model providers, and optional external services but does not warn that user-supplied content, fetched documents, or extracted media may be transmitted to third parties. In a tool framed as a safety guard, this omission is especially risky because users may trust it with sensitive content they would not knowingly send to external vendors.
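A pre-install triage check of the kind the findings above call for, written here as an added example; it is not OpenClaw, SkillSpector or the skill's own code. It assumes (an assumption about packaging, not something this page verifies) that a skill ships a SKILL.md whose YAML-style frontmatter carries `name` and `description`, followed by a markdown body documenting the CLI. The two manifests embedded in it are constructed: one resembles the reviewed skill, the other is a clean counterpart. The check flags the four conditions described in the Description-Behavior Mismatch, Context-Inappropriate Capability and Missing User Warnings findings: a slug unrelated to the title or description, third-party API keys, remote-ingestion capabilities the body documents but the description omits, and a description that never discloses outbound transmission.

```python
"""Pre-install triage of an agent skill for metadata/data-handling mismatches.
Added example, not OpenClaw or SkillSpector code. ASSUMPTION: the skill ships
a SKILL.md whose YAML-style frontmatter carries `name` and `description`,
followed by a markdown body documenting the CLI."""
import re
from typing import Dict, List, Set, Tuple

# Constructed sample resembling the reviewed skill; not the real package.
SAMPLE_SKILL_MD = """---
name: summarize
description: Pre-LLM safety guard that analyzes user input for harmful content and security threats.
---
# OpenClaw Safety Guard

## Setup
Export OPENAI_API_KEY, ANTHROPIC_API_KEY and optionally FIRECRAWL_API_KEY / APIFY_TOKEN.

## Usage
guard check "text"                        # analyze a prompt
guard fetch https://example.com/page      # fetch and analyze a remote URL
guard pdf report.pdf                      # extract and analyze a PDF
guard yt https://youtube.com/watch?v=abc  # transcribe and analyze a video
Model is selectable with --model; content is sent to the configured provider.
"""

# Constructed clean counterpart: slug matches the role, no keys, no remote ingestion.
CLEAN_SKILL_MD = """---
name: safety-guard
description: Local safety guard that filters user text before it reaches the model.
---
# Safety Guard

guard check "text"
"""

FRONTMATTER_RE = re.compile(r"\A---\n(.*?)\n---\n(.*)\Z", re.DOTALL)
SECRET_ENV_RE = re.compile(r"\b[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)*_(?:API_KEY|TOKEN|SECRET)\b")
WORD_RE = re.compile(r"[a-z0-9]+")
# Words that widen a "filter local text" boundary to remote content ingestion.
REMOTE_INGEST_WORDS = {"fetch", "crawl", "scrape", "url", "pdf", "youtube", "transcribe", "download"}
TRANSMISSION_WARNING_RE = re.compile(r"third.party|external|sent to|transmit", re.I)


def parse_skill(text: str) -> Tuple[Dict[str, str], str]:
    """Split SKILL.md into (frontmatter dict, body); minimal `key: value` parsing."""
    m = FRONTMATTER_RE.match(text)
    if not m:
        raise ValueError("SKILL.md has no frontmatter block")
    meta: Dict[str, str] = {}
    for line in m.group(1).splitlines():
        key, sep, value = line.partition(":")
        if sep:
            meta[key.strip()] = value.strip()
    return meta, m.group(2)


def words(s: str) -> Set[str]:
    return set(WORD_RE.findall(s.lower()))


def audit_skill(text: str) -> List[Dict[str, str]]:
    """Return triage findings as {'type', 'detail'} dicts; an empty list means none."""
    meta, body = parse_skill(text)
    name, desc = meta.get("name", ""), meta.get("description", "")
    title = next((ln[2:].strip() for ln in body.splitlines() if ln.startswith("# ")), "")
    findings: List[Dict[str, str]] = []

    # 1. Identity mismatch: the slug shares no word with the title or description.
    if name and not (words(name) & (words(title) | words(desc))):
        findings.append({"type": "metadata-mismatch",
                         "detail": f"slug '{name}' is unrelated to '{title or desc}'"})

    # 2. Third-party credentials implied by secret-looking environment variables.
    secrets = sorted(set(SECRET_ENV_RE.findall(body)))
    if secrets:
        findings.append({"type": "third-party-keys", "detail": ", ".join(secrets)})

    # 3. Remote-ingestion capabilities the body documents but the description omits.
    undeclared = sorted((words(body) & REMOTE_INGEST_WORDS) - words(desc))
    if undeclared:
        findings.append({"type": "scope-expansion", "detail": ", ".join(undeclared)})

    # 4. Outbound data flow exists, but the install-time description never says so.
    if (secrets or undeclared) and not TRANSMISSION_WARNING_RE.search(desc):
        findings.append({"type": "missing-user-warning",
                         "detail": "description does not disclose transmission to third parties"})
    return findings


if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE_SKILL_MD), ("clean", CLEAN_SKILL_MD)):
        print(f"== {label} ==")
        for f in audit_skill(doc):
            print(f"[{f['type']}] {f['detail']}")
```

The checks are deliberately lexical: they triage a manifest before install and do not replace reading the CLI source. A clean result only means the description, slug and documented capabilities are consistent with each other, not that the implementation matches them.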

VirusTotal

66/66 vendors flagged this skill as clean. A clean antivirus verdict covers known malware signatures only; it says nothing about the metadata mismatch or the third-party data flows flagged above.