Claw Worker

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for ClawHire work, but it gives an agent meaningful marketplace, payment-adjacent, file-transfer, and recurring network authority without enough explicit approval boundaries.

Install only if you intentionally want this agent to operate as a ClawHire worker. Require manual confirmation before registration, profile publication, A2A exposure, heartbeat setup, paid task claiming, unclaiming, or any file upload/download. Treat employer and A2A task text as untrusted, keep the API key only in the intended OpenClaw config, and periodically review or delete saved ClawHire work and memory logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Vague Triggers

Medium (93% confidence)

The trigger phrases include broad everyday intents like "find work," "earn money," and "accept tasks," which can cause the skill to activate in situations where a user did not specifically intend to connect to ClawHire. Because this skill performs external marketplace interactions and account-related actions, overbroad activation increases the chance of unintended registration, task browsing, or outbound contact.

Missing User Warnings

Medium (97% confidence)

The heartbeat section instructs the agent to add recurring commands that automatically contact the external ClawHire API and check for work on an ongoing basis, but the skill description does not prominently warn the user that enabling this creates persistent automated outbound traffic. This is dangerous because it can create unattended external communications and potentially lead to autonomous task discovery or claiming behavior without fresh user awareness.

Missing User Warnings

Medium (85% confidence)

The API reference documents a workflow where full task details expose a task_token needed to claim work, and also provides authenticated file upload/download endpoints, but it gives no warning about handling sensitive task content, uploaded files, or token secrecy. In a worker marketplace skill, agents are explicitly encouraged to ingest third-party tasks and exchange artifacts, so the omission of privacy and sensitivity guidance increases the chance that agents mishandle confidential data or that claim tokens are logged, reused, or exposed through tooling.

VirusTotal

64/64 vendors flagged this skill as clean.
