Meta-Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it can turn sensitive local OpenClaw session history into persistent executable skills without enough warnings, staging, or review controls.

Install only if you are comfortable processing real OpenClaw session history locally. Before running it, use a narrow session or time window, inspect and redact the trace, compile to a temporary staging directory first, and review the generated schema, plan, and run.js before copying or refreshing it into active Skills. Avoid production sessions or traces containing secrets, customer data, financial/account actions, or public-posting workflows unless you have removed sensitive values and added guardrails.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises a compilation pipeline that invokes scripts and writes generated artifacts, yet the metadata shown does not declare permissions while static analysis detected environment access capability. Hidden or undocumented access to environment variables can expose secrets such as API keys or tokens during trace processing or code generation, especially because this skill ingests session traces and synthesizes executable output.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description and usage text do not clearly warn users that running the compiler writes generated files and registers them into the Skills directory. Because the skill converts traces into code and performs registration, a user may trigger persistent filesystem changes and load new executable skill content without understanding the side effects, increasing the chance of accidental persistence of unsafe or sensitive material.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation explicitly instructs users to ingest real OpenClaw session transcripts and extract actual tool calls and results, but it does not warn that those transcripts may contain sensitive prompts, secrets, tokens, file paths, or proprietary data. In a trajectory-compilation skill, this context makes the issue more dangerous because the feature is specifically designed to convert real user activity into reusable artifacts, increasing the chance that sensitive data is captured, persisted, or propagated into generated skills.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The registration step states that compiler output is written directly into the OpenClaw skills directory, including a default path under the user's home directory, but it does not clearly warn that local files may be created or overwritten. In this skill's context, that is more dangerous because generated code and metadata are meant to be hot-reloaded as active skills, so accidental overwrite or unintended registration could change local agent behavior and persist unsafe artifacts.

VirusTotal

66/66 vendors flagged this skill as clean.
