Cyber Growth

Security checks across malware telemetry and agentic risk

Overview

This growth tracker is mostly coherent, but it persistently auto-logs work activity and has unsafe input handling that can exceed its stated local-tracking purpose.

Review before installing. Use manual mode or explicit opt-in only, avoid recording secrets or untrusted text, and do not enable cron, heartbeat reports, or Feishu-style forwarding unless recipients and data fields are clear. The record-writing implementation should be fixed to pass inputs safely to Python before automatic logging is used.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly instructs the agent to invoke shell scripts that append to files under ~/.openclaw/memory, but the skill metadata shown in this file does not declare corresponding permissions. That mismatch is dangerous because it obscures the skill's write capabilities from reviewers and users, reducing transparency and increasing the chance of unauthorized local data modification or persistence.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The description directs the agent to automatically record task and conversation-derived events and to send scheduled reports, but it does not require informed user consent or provide a privacy warning. This creates a stealth collection risk because users may not realize their activity summaries are being persisted and later transmitted.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The Feishu Bitable sync feature enables automatic transfer of logged entries to an external service without a user-facing warning in the skill content. External syncing materially raises privacy risk because conversation-derived descriptions, domains, and performance-like metadata may leave the local environment and become accessible to third parties.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The script creates and updates a persistent file under the user's home directory without prominent disclosure in the command interface. In an agent skill context that may be invoked automatically, silent persistence can surprise users, retain sensitive activity history, and create privacy risk if the file is later read by other tools or users on the same system.

Missing User Warnings

Medium
Confidence
72% confidence
Finding
The code path is designed to support sending user activity data to Feishu when configuration fields are present, but the command interface does not clearly warn users that records may be transmitted off-host. In an agent skill that automatically logs completed tasks, such external sync could disclose sensitive work history, descriptions, or metadata if later implemented or extended without strong consent controls.

Ssd 3

Medium
Confidence
97% confidence
Finding
The skill instructs proactive logging of conversation-derived activity and scheduled reporting, which creates a direct data leakage pathway from normal interactions into stored summaries and outbound communications. In this context, the danger is elevated because the content encourages silent background collection rather than user-requested, narrowly scoped recording.

Ssd 3

High
Confidence
99% confidence
Finding
The morning report section explicitly states that generated status panels and summaries are sent to 'Boss', which is an external recipient relative to the conversation context. This is dangerous because it normalizes exfiltration of accumulated user/task activity to a third party, potentially including sensitive work patterns, project details, or inferred performance information.

Ssd 3

Medium
Confidence
98% confidence
Finding
The integration guidance tells the agent to record events proactively without waiting for the user, encouraging silent collection of conversation-derived details. Even if intended for productivity tracking, this design increases privacy risk by broadening capture beyond what the user explicitly requested and making logging a default background behavior.

VirusTotal

65/65 vendors flagged this skill as clean.
