openclaw-server-secure-skill

Security checks across malware telemetry and agentic risk

Overview

This server-hardening skill has a legitimate purpose, but its instructions include high-impact server changes and a remote script execution pattern that users should review carefully before installing.

Install only if you are comfortable with the skill guiding persistent server-level security changes. Before following its commands, make sure you have console or out-of-band access, confirm SSH key login works, add explicit firewall allow rules before enabling UFW, and prefer Tailscale's signed package repository or an inspected installer over piping a remote script directly to a shell.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill recommends SSH hardening and enabling a default-deny firewall without a prominent upfront warning that these steps can immediately cut off remote administration if sequencing or access assumptions are wrong. In a remote-server setup guide, this is operationally dangerous because a user may lose access before Tailscale or alternate management paths are confirmed.

External Script Fetching

High
Category
Supply Chain
Content
- Goal: Create a private VPN mesh network.
    - Commands:
      ```bash
      curl -fsSL https://tailscale.com/install.sh | sh
      sudo tailscale up
      ```
    - *Wait for user to authenticate the Tailscale link.*
Confidence
98% confidence
Finding
curl -fsSL https://tailscale.com/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
- Goal: Create a private VPN mesh network.
    - Commands:
      ```bash
      curl -fsSL https://tailscale.com/install.sh | sh
      sudo tailscale up
      ```
    - *Wait for user to authenticate the Tailscale link.*
Confidence
99% confidence
Finding
| sh

VirusTotal

63/63 vendors flagged this skill as clean.