Find Skill HEQI

Security checks across malware telemetry and agentic risk

Overview

The skill is a legitimate skill-discovery helper, but it can steer broad user requests into global, silent installation of third-party skills without a clear consent checkpoint.

Install only if you want the agent to actively search for and recommend OpenClaw skills. Before accepting any install it suggests, review the skill source, avoid silent global installs where possible, and require an explicit confirmation step for each third-party package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers (Medium, 84% confidence)

Finding: The frontmatter description and title frame the skill as broadly applicable whenever a user asks how to do something, which can cause over-triggering on ordinary requests that do not actually require package discovery or installation. In practice, that increases the chance the agent steers users toward searching for and installing third-party skills unnecessarily, expanding supply-chain and consent risk.

Vague Triggers (Medium, 90% confidence)

Finding: The invocation guidance lists many broad prompts like 'how do I do X' and 'can you do X' without boundaries, so the skill may activate for routine assistance requests rather than true extension requests. That can lead the agent to recommend or initiate package lookup/installation flows in situations where users did not ask for external software, creating unnecessary exposure to untrusted ecosystem content.

Missing User Warnings (Medium, 95% confidence)

Finding: The skill instructs the agent to install with 'npx skills add <owner/repo@skill> -g -y', where '-g' performs a global install and '-y' suppresses confirmation, but it does not warn the user about the scope or the loss of an approval checkpoint. In a skill-discovery context involving third-party packages from GitHub or other sources, this materially raises the risk of unintended or unsafe installation of untrusted code.

VirusTotal

66/66 vendors flagged this skill as clean.