MeshOps Control Plane

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent for mesh operations, but it can perform high-impact deployment and command actions with weakly scoped controls that users should review before installing.

Install only in a trusted OpenClaw environment where task creation, environment variables, and operator accounts are tightly controlled. Leave high-risk gates disabled unless needed, restrict deploy sources and command allowlists, and avoid running downloaded artifact smoke tests outside a sandbox.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 87%
Finding
The module presents itself as 'Secure' while its authorization model is controlled by environment variables that can broaden allowed callers or enable high-risk actions at runtime. In environments where attackers or untrusted operators can influence process configuration, this can weaken or bypass intended protections and create a false sense of security around privileged task dispatch.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script downloads an archive from a remote URL, verifies only its hash, extracts it, and then directly executes a bundled `test_smoke.sh`. Even with HTTPS and SHA-256 validation, this still runs attacker-controlled code whenever the artifact source or supplied hash is malicious or compromised, turning deployment into arbitrary code execution on the host.

Missing User Warnings

Medium
Confidence: 89%
Finding
The spec explicitly instructs agents to automatically poll for tasks, claim them, and process them before other work, while also writing claim/completion state into shared Yjs state. That creates autonomous side effects in a multi-agent system without any requirement for user confirmation, policy gating, authorization checks, or even operator-visible warning/telemetry at the point of action, increasing the risk of unintended task execution and silent state changes.

VirusTotal

66/66 vendors flagged this skill as clean.