ClawHub

Colmena Manager

Security checks across malware telemetry and agentic risk

Overview

This is a mostly coherent OpenClaw agent-management skill, but it needs review because it can delete local workspaces and builds shell commands from user input without safeguards.

Review carefully before installing. Only use this with trusted operators and non-critical workspaces until workspace removal is guarded by validation and confirmation, shell commands are replaced or safely quoted, and the heartbeat behavior is either packaged and opt-in with clear controls or removed from the documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README states that HEARTBEAT.md performs automatic health checks every 30 minutes, which implies recurring background activity and possible diagnostic execution without clearly describing user consent, scope, or operational side effects. In a skill that can inspect agents, sessions, logs, and use exec/process for diagnostics, undocumented periodic actions increase the risk of unexpected monitoring, resource usage, or execution in the user's environment.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation advertises `workspace remove <name>` for deleting local workspaces but provides no warning, confirmation flow, backup guidance, or scope limits. In a multi-agent management skill operating on local directories, this can lead to accidental data loss or misuse if an operator or downstream agent invokes deletion on the wrong workspace.

Missing User Warnings

High
Confidence
95% confidence
Finding
The CLI performs irreversible workspace deletion immediately with no confirmation, dry-run, or force flag. In an agent-management context where workspaces likely contain code, logs, and operational state, accidental invocation can cause significant data loss and service disruption.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal