Starter Flow

Security checks across malware telemetry and agentic risk

Overview

Starter Flow is a visible, user-confirmed onboarding installer for five named OpenClaw skills, with broad trigger wording but no hidden or destructive behavior found.

Install this if you want the listed starter skills, but review the preselected list before confirming. For stronger supply-chain control, inspect or install the five skills individually and choose exact versions where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger phrase '新手启动' is broad and conversational, which increases the chance the skill could be invoked during normal discussion rather than through an explicit, high-assurance command. In an agent environment, unintended invocation can lead to surprise installation prompts or workflow changes, especially when the skill is designed to initiate package installation behavior.

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger list includes very generic terms such as “新手”, “启动”, “starter”, and “第一次”, which are common in normal conversation and likely to cause accidental activation. Because this skill initiates an installation flow for multiple other skills, unintended triggering could lead to unwanted package changes and increased exposure to whatever those downstream skills do.

Vague Triggers

Medium
Confidence: 96%
Finding
The documentation explicitly promotes vague activation with phrases like “随口一说就懂” and “不用记命令,说中文就懂,” reinforcing unconstrained natural-language triggering. In context, this increases the chance that unrelated user speech will invoke the skill, which is more concerning because the skill is a starter installer that can influence onboarding and install additional components.

Vague Triggers

Medium
Confidence: 77%
Finding
The phrase promoting a product where users can achieve outcomes by casually saying what they want encourages extremely broad natural-language triggering without defining boundaries, confirmation thresholds, or excluded actions. In an agent skill context, that can normalize ambiguous intent interpretation and increase the risk of unintended actions, especially if later paired with automation or privileged operations.

Vague Triggers

Medium
Confidence: 85%
Finding
The report explicitly endorses broad trigger words such as “新手”, “启动”, and “starter”, which are common natural-language terms and can cause accidental activation in unrelated conversations. In an agent skill context, overbroad triggers weaken invocation boundaries and may cause the skill to run when the user did not intend it, increasing the chance of unwanted actions or confusing behavior.

VirusTotal

66/66 vendors flagged this skill as clean.
