Foundry

Security checks across malware telemetry and agentic risk

Overview

Foundry is openly a self-modifying capability builder, but it needs Review because it can install external plugin code, change agent behavior, and retain learned context without clear enough controls.

Install only if you intentionally want a self-modifying OpenClaw development agent. Review the npm package and GitHub source first, pin a version, use a separate test profile, disable auto-learning and auto-publishing until configured, and require manual diff review before generated code or self-changes are enabled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding: The skill's Security section asserts that users approve before any code is written to disk, but the installation flow explicitly describes automatic download, extraction, enablement, and gateway restart. This kind of contradictory safety claim can mislead operators into trusting an automation path that performs code installation and activation without the review gate the document promises.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding: The document claims generated code is validated before deployment, yet the self-extension example shows raw tool code being supplied directly to a self-modification interface with no concrete validation, policy enforcement, or human review step. In a self-writing extension, this gap is especially dangerous because it normalizes arbitrary code generation and integration under a false assurance of safety controls.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill advertises automatic learning from agent activity and optional marketplace publication, but the main behavior description does not clearly warn that prompts, failures, context, or derived patterns may contain sensitive data. This can lead users to enable telemetry-like collection and sharing without understanding privacy or data leakage risks.

Self-Modification

Severity: High
Category: Rogue Agent
Confidence: 92%
Content (excerpt from the skill document):
1. **Research** — Fetch and understand OpenClaw documentation on demand
2. **Write Extensions** — Generate new tools and hooks for OpenClaw
3. **Write Skills** — Create ClawHub-compatible skill packages
4. **Self-Modify** — Add new capabilities to itself
5. **Learn** — Record patterns from failures and successes
Finding: Write Skill

Self-Modification

Severity: High
Category: Rogue Agent
Confidence: 97%
Content (excerpt from the skill document):
1. **Research** — Fetch and understand OpenClaw documentation on demand
2. **Write Extensions** — Generate new tools and hooks for OpenClaw
3. **Write Skills** — Create ClawHub-compatible skill packages
4. **Self-Modify** — Add new capabilities to itself
5. **Learn** — Record patterns from failures and successes

## Tools
Finding: Self-Modify

VirusTotal

61/61 vendors flagged this skill as clean.