ClawHub
Back to skill

Security audit

openclaw-skill-manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenClaw skill manager, but its manual install path can unpack arbitrary remote archives into agent-loaded skill directories without safety checks.

Install only if you are comfortable letting this skill modify OpenClaw skill paths and configuration. Prefer ClawHub registry installs, avoid arbitrary URL archives unless you independently trust and inspect them, and add only custom skill directories that you control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The manual install flow accepts arbitrary URLs and pipes downloaded content directly into tar extraction without integrity checks, allowlisting, or archive safety validation. In a skill-manager context this materially expands capability from managing known skills to fetching and unpacking attacker-controlled content, creating risk of path traversal, malicious file overwrite, or installation of untrusted code into loaded skill directories.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger list includes broad natural-language phrases such as ‘管理技能’, ‘安装skill’, and ‘查询skill’, which can cause the skill to activate during ordinary conversation rather than an explicit administrative command. Because this skill performs sensitive operations like configuration changes, downloads, installation, and gateway restart, accidental invocation increases the chance of unintended system modification.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal