ClawHub

OpenClaw OA Operator

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a disclosed operational helper whose shell-oriented workflows fit its stated maintenance purpose, but users should treat it as capable of changing a workspace.

Install only if you want an agent to help with workspace operational tasks. Review commands before execution, especially installs, repairs, service control, release steps, or anything that changes files or deployment state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill explicitly instructs the agent to run shell-based operational workflows such as workspace smoke tests, wrapper scripts, and OA commands, but it does not declare corresponding permissions. That mismatch weakens policy enforcement and can cause the skill to be invoked with capabilities that are not transparently scoped or reviewed, increasing the chance of unintended command execution in a local workspace.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The description and body define a very broad activation surface: install, configure, repair, inspect, run services, refine dashboards, and prepare releases. Because the trigger boundaries are not tightly limited, an orchestrator may invoke this skill in situations involving general shell operations or remediation, causing it to handle tasks outside its safest intended context and potentially execute risky workspace scripts or service commands.

VirusTotal

44/44 vendors flagged this skill as clean.

View on VirusTotal