ClawHub

Crabwalk

Security checks across malware telemetry and agentic risk

Overview

Crabwalk appears to be a real monitoring tool, but it can expose agent activity, workspace files, and a local OpenClaw token over a network-facing service without enough scoping or safety guidance.

Install only if you trust the Crabwalk GitHub release and understand that it may use your local OpenClaw gateway token and expose monitoring data plus workspace files through a web server. Prefer binding it to localhost or a protected interface, avoid sharing the LAN URL unless the network and viewers are trusted, and review the install command before allowing PATH changes or sudo package installs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The install command invokes privileged package-manager operations to install `qrencode`, which is optional and not core to the stated monitoring function. Bundling sudo-based package installation into a one-liner increases risk because it normalizes unnecessary privilege use and can change the host system beyond the main app install.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill describes `/workspace` file browsing and markdown viewing features even though it is presented as a real-time monitor. Expanding from monitoring into workspace access materially increases sensitivity because users may expose source files, notes, secrets, or other local content over the served interface.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The install section immediately instructs execution of a compound shell command that downloads code, writes files under the home directory, modifies shell startup files, and may invoke package managers, without an upfront warning about these system changes. This can lead users to run impactful commands without understanding persistence, privilege, or network implications.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The instructions encourage sharing a network-accessible `http://192.x.x.x:3000` URL without warning that the service binds to the network and may expose agent activity and workspace views. In this context, omitting a privacy warning is dangerous because the same document advertises a `/workspace` browser and token auto-detection, increasing the chance of sensitive local data being exposed to others on the LAN.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal