G.workspace

Security checks across malware telemetry and agentic risk

Overview

This is a coherent G.workspace integration, but it can permanently delete shared workspace files and mutate workspace/task state with limited safeguards.

Install only if you trust the G.workspace backend and are comfortable giving Discord/OpenClaw commands and agent tools the ability to expose workspace metadata and change shared workspace state. Before production use, add confirmation and role checks for delete, empty-trash, workspace creation, and task-completion actions, and avoid storing sensitive files unless Discord channel access and backend permissions are tightly controlled.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 86%
Finding
The skill documentation describes a plugin that communicates with a localhost REST API but does not declare network capability or permissions. Undeclared network access reduces transparency for reviewers and users, making it easier for a skill to perform unexpected API communication or be later modified to reach non-local endpoints without scrutiny.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 93%
Finding
The documented purpose focuses on slash-command file-space management, but the skill also exposes AI tools, task workflow operations, and button interaction handlers that materially expand its behavior. This mismatch is dangerous because hidden or under-disclosed capabilities increase the attack surface, can enable unintended agent actions, and prevent administrators from making informed trust decisions about what the plugin can actually do.

Missing User Warnings

Medium
Confidence: 86%
Finding
The gworkspace_create agent tool can create a workspace immediately with no user-facing confirmation, approval step, or contextual warning. In an agentic environment, that enables unintended state changes from prompt injection, operator misunderstanding, or over-broad tool access, especially because it acts on an arbitrary guild_id parameter.

Missing User Warnings

Medium
Confidence: 90%
Finding
The /ws_delete command performs a destructive action as soon as it resolves a matching file, with no confirmation prompt and even allowing partial-name matching. That combination increases the chance of accidental or induced deletion of the wrong file through ambiguous input or social/prompt manipulation.

Missing User Warnings

High
Confidence: 97%
Finding
The trash-empty path permanently deletes all trashed files immediately and iteratively, without any explicit confirmation or safeguard. Because this is irreversible bulk destruction, accidental invocation or malicious instruction to an agent could cause significant data loss across the workspace.

VirusTotal

65/65 vendors flagged this skill as clean.