hello-openclaw

Security checks across malware telemetry and agentic risk

Overview

This is a simple OpenClaw demo skill with a small local script and no evidence of hidden, destructive, network, credential, or persistence behavior.

Safe to install as a demo skill. Expect possible accidental activation from broad trigger wording, and avoid running the included script in a shared transcript if exposing the local working-directory path matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Low
Confidence: 76%
Finding
The script reads and prints the current working directory, which can reveal filesystem layout, usernames, deployment paths, or container conventions to whoever can view the output. In a hello/demo skill this disclosure is not clearly needed, so while the impact is low, it is still an unnecessary information exposure that could aid reconnaissance in a larger attack chain.

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger set includes generic phrases like 'run test' and 'hello test', which can cause accidental or overly broad invocation in normal conversation. Broad triggers can route users into the wrong skill unexpectedly, creating confusion and potentially invoking unintended code paths if scripts are attached to the skill.

Vague Triggers

Medium
Confidence: 84%
Finding
The usage instructions say to trigger the skill with 'hello' or 'hello openclaw', but those phrases do not match the declared trigger list. This inconsistency can cause mis-invocation, user confusion, and makes trigger behavior harder to reason about during security review.

Shadow Command Trigger

Medium
Category: Trigger Abuse
Confidence: 90%
Finding
The trigger phrase 'test openclaw' begins with a built-in command keyword, increasing the chance that the skill shadows or interferes with platform command parsing. Such collisions can lead to unintended execution flow, confusing behavior, or abuse of a trusted command namespace.

Shadow Command Trigger

Medium
Category: Trigger Abuse
Confidence: 95%
Finding
The trigger 'run test' directly overlaps with the built-in command term 'run' and is especially likely to conflict with command dispatch. This makes accidental invocation and command-shadowing more likely, which is dangerous even in a benign demo skill because users may believe they are invoking platform functionality rather than a custom skill.

VirusTotal

66/66 vendors flagged this skill as clean.
