Weekly Report (OpenClaw)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate weekly-report automation skill, but it handles workplace credentials, local token caches, and report contents that may be sent to an external AI provider.

Install only if you trust the weekly-report system, the configured LLM provider, and the remote dependency installers. Treat .token_cache and .data_cache as sensitive files, prefer scoped credentials and API keys, review the configured HTTP report-system URL and LLM base URL, and clear the caches once the report has been generated.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill declares no explicit permissions even though its documented behavior requires access to environment variables, local files, network resources, and shell/setup execution. This creates a capability/permission mismatch that can hide the true attack surface from reviewers and allow a user or host system to grant broader access than expected without clear disclosure.

Context-Inappropriate Capability

Medium
Confidence
83% confidence
Finding
The skill is configured to load usernames, passwords, and API keys from environment variables and a local .env file, which means it is designed to consume sensitive credentials beyond simple report formatting. In the context of a weekly-report skill that also logs into internal systems and calls external LLM APIs, this materially expands the trust boundary and creates risk if the skill is over-permissioned, reused in other contexts, or its outputs/logs are later mishandled.

Ssd 3

Medium
Confidence
94% confidence
Finding
The code sends raw weekly report entries directly to the LLM prompt, including employee names and all non-filtered report fields. In a weekly-report skill, that means potentially sensitive internal work details and personal identifiers are exposed to the model and can be reproduced in the generated output or retained by an external LLM provider, creating a real confidentiality risk.

External Script Fetching

Low
Category
Supply Chain
Content
irm https://astral.sh/uv/install.ps1 | iex

# Install uv (macOS/Linux)
curl -LsSf https://astral.sh/uv/install.sh | sh

# Install dependencies
cd skills/weekly-report/scripts
Confidence
91% confidence
Finding
curl -LsSf https://astral.sh/uv/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
irm https://astral.sh/uv/install.ps1 | iex

# Install uv (macOS/Linux)
curl -LsSf https://astral.sh/uv/install.sh | sh

# Install dependencies
cd skills/weekly-report/scripts
Confidence
96% confidence
Finding
| sh

VirusTotal

66/66 vendors flagged this skill as clean.
