
Security audit

Skill Guard 1.0.2

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but its installer has enough unchecked install and deletion authority that users should review it before use.

Install only if you are comfortable with a shell wrapper that can modify your OpenClaw skills directory. Use simple known-good ClawHub slugs, avoid --skip-scan, avoid --force unless you intend to replace an existing skill, and prefer pinned or verified dependency installation for uv and mcp-scan.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 67%
Finding:
The description says the skill should be used when installing new skills from ClawHub, but it does not clearly constrain who triggers it, under what exact conditions, or whether it should ever act automatically. Broad activation language around install flows can cause an agent to invoke shell-based install logic in situations that were not explicitly approved by the user.

External Script Fetching

Low
Category: Supply Chain
Content:
## Requirements

- `clawhub` CLI — `npm i -g clawhub`
- `uv` — `curl -LsSf https://astral.sh/uv/install.sh | sh`

## Why This Matters
Confidence: 85%
Finding:
curl -LsSf https://astral.sh/uv/install.sh | sh

VirusTotal

65/65 vendors flagged this skill as clean.
