Security audit

Openclaw Master Skills Clawhub Pkg

Security checks across malware telemetry and agentic risk

Overview

This package is mainly a markdown catalog of other OpenClaw skills and does not itself contain executable code, hidden persistence, or automatic high-impact actions.

Installing this package should be treated as installing a large catalog/index, not as proof that every listed skill is safe. Review individual skills before installing or enabling them, especially ones involving browser automation, memory, email, messaging, desktop control, credentials, auto-updates, or account actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (5)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The README advertises multiple skills with trigger language so broad that an agent could select powerful or irrelevant skills for routine requests without clear user intent. In a repository that includes browser automation, email, messaging, filesystem, memory, and secret-management skills, loose activation guidance increases the chance of unnecessary privilege use, prompt-scope expansion, or unintended external actions.

Vague Triggers

Medium

Confidence: 93% confidence
Finding: A trigger that says to use the PDF skill whenever the user wants to do anything with PDF files is overly expansive and can cause the agent to invoke the skill even when simple in-model reasoning or safer local handling would suffice. Because document-handling skills may parse, transform, or export user files, unnecessary invocation expands the data-exposure and action surface.

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The '.pptx any time' style trigger is too broad and may activate the skill from incidental mentions of PowerPoint files rather than a real request to create, inspect, or modify them. That creates avoidable tool use and could lead to file generation or processing actions beyond user intent.

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The spreadsheet trigger is defined so broadly that merely mentioning spreadsheets can route the agent into a tool path unnecessarily. Since spreadsheet skills often read or write structured business data, broad activation can increase accidental data access, modification risk, and confusion about what the agent is authorized to do.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: A blanket instruction to use a skill when starting any conversation is an unsafe global trigger because it can intercept all requests regardless of relevance. In this repository, where skills can discover, install, update, and orchestrate other skills, such a universal hook materially raises the risk of prompt hijacking, tool overuse, and unauthorized expansion of the agent's operational scope.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.