Skillguard

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed remote auditing tool, but users should know it uploads audited code and includes an optional installer wrapper.

Install only if you are comfortable sending audited skill source or selected local files to api.agentsouls.io. Do not audit private code, secrets, or proprietary skills unless you trust that service and its retention claim. Treat safe-install.sh as an installer, avoid --force unless you already trust the target skill, and review CAUTION/UNKNOWN results manually.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The documented purpose says the skill audits skills before installation, but the analysis indicates the underlying behavior also installs skills and supports bypassing the audit with `--force`. That mismatch is dangerous because users may trust the skill as a safety control while it can perform the exact action it is supposed to gate, weakening informed consent and enabling risky installation flows.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script presents itself as a 'safe install' wrapper, yet explicitly provides a --force mode that bypasses the audit and directly executes installation. This undermines the security control the tool is meant to enforce and can be abused by users or automation to install unreviewed skills, especially if they rely on the wrapper for protection.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The wrapper not only audits but also performs installation decisions itself, including proceeding automatically for SAFE/LOW_RISK and interactively for other cases. In this context, the dangerous aspect is that installation remains coupled to potentially fallible audit output, so any audit failure, misclassification, or user override can still result in installing a malicious skill under the credibility of a safety tool.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script reads either a local file or fetched skill contents and sends the full contents to a third-party audit API, but the user-facing interface does not clearly warn that code will leave the local environment. This creates a real data-exposure risk because secrets, proprietary code, or sensitive prompts embedded in the audited files may be transmitted off-host unexpectedly.

External Transmission

Medium
Category
Data Exfiltration
Content
Audit any OpenClaw skill for security risks **before** you install it.

Calls the SkillGuard API (`https://api.agentsouls.io/api/audit`) and returns a verdict, risk score, and threat list.

## Usage
Confidence
92% confidence
Finding
https://api.agentsouls.io/

VirusTotal

66/66 vendors flagged this skill as clean.