Error Recovery Automation

Security checks across malware telemetry and agentic risk

Overview

This recovery skill is instruction-only and mostly purpose-aligned, but it includes unattended repair steps that can modify an OpenClaw installation and persistent user files.

Install only if you want agents to help automate local OpenClaw recovery. Before scheduling these workflows, manually review any script that rebuilds npm modules, validate the OpenClaw install path, require approval for software repair steps, keep cron intervals narrow, and add safeguards for inbox and memory writes.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Intent-Code Divergence

Medium, 93% confidence

The skill warns against hard-coded assumptions, yet the memory search recovery flow changes into a presumed global OpenClaw installation path and rebuilds a native module in place. That can modify the wrong installation, fail unpredictably across environments, or alter shared system software from an automated workflow, which is unsafe for a recovery skill.

Context-Inappropriate Capability

Medium, 94% confidence

This recovery skill goes beyond restarting services and includes `npm rebuild better-sqlite3` plus modification of the application installation directory. Automated package rebuilds are higher-risk maintenance actions that can break dependencies, introduce supply-chain exposure, or leave the system in a partially modified state if run unattended.

Missing User Warnings

Medium, 88% confidence

The escalation snippet appends directly to `inbox/agent-aufgaben.md` and `memory/YYYY-MM-DD.md` without validation, existence checks, locking, or clear user-consent boundaries. In an automated context, this can corrupt user-managed files, create duplicate or malformed entries, or let repeated failures generate uncontrolled file growth.

VirusTotal

66/66 vendors flagged this skill as clean.