Agent Extract

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent agent-splitting purpose, but it gives broad local agent-management instructions that can duplicate sensitive context and alter existing heartbeat behavior too aggressively.

Install only if you are comfortable letting the skill guide changes to ~/.openclaw configuration, duplicated agent identity/memory files, and persistent cron jobs. Before using it, back up ~/.openclaw, choose a simple agent ID, review which memory and identity files will be copied, manually preserve unrelated HEARTBEAT.md tasks, and verify any deletion path before running rollback commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 91%
Finding:
The skill states that the main agent configuration must not be changed unless explicitly requested, yet the extraction procedure later instructs modifying the global agent configuration to add a new agent. This contradiction can cause an operator or downstream agent to make broader configuration changes than the user intended, weakening change control and increasing the chance of unintended side effects in the primary environment.

Intent-Code Divergence

Medium
Confidence: 88%
Finding:
The document promises existing cron jobs and main behavior will be preserved unless explicitly migrated, but later instructs clearing or rewriting the main HEARTBEAT.md as part of extraction. That creates a hidden behavioral change in the main agent, potentially disabling or altering scheduled actions without clear authorization or auditability.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The skill directs copying SOUL.md, IDENTITY.md, AGENTS.md, and memory files into a new workspace without warning that these may contain sensitive prompts, credentials, personal data, or operational secrets. Duplicating such material expands the attack surface, creates more persistence locations, and may unintentionally grant the new agent access to information beyond the minimum required.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The rollback section includes a destructive deletion command for the new workspace but does not warn that the deletion is permanent or advise verification of the path and backups first. In an operational skill, omission of such safeguards raises the risk of accidental data loss, especially if variables are substituted incorrectly or the command is run in haste.

VirusTotal

No VirusTotal findings
