ClawHub

Blue Green Deployer

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent, but running it can automatically change the live OpenClaw configuration while presenting that step as validation.

Review this before installing or running. It is not evidence of malware, but `deploy.sh` can change your live `~/.openclaw/openclaw.json` when you may think you are only validating. Keep an independent backup, inspect `openclaw.json.green`, run JSON checks manually, and only run the script when you intend a live configuration change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill states that running the deployment script will automatically promote the Green configuration to Blue if audit passes, but it does not prominently warn that this changes the live configuration. In an operational deployment skill, this can cause users to unintentionally modify production state under the assumption they are only testing, increasing the risk of service disruption or unintended rollout of unsafe settings.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The script removes the live configuration file and replaces it with a symlink as part of validation without any user confirmation or atomic swap mechanism. Although this appears intended to support blue/green testing, it creates a window where the live config is destructively modified and can be left in a broken or unexpected state if the script is interrupted, the filesystem behaves unexpectedly, or concurrent processes read the config during the swap.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal