AuditClaw Github

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate read-only GitHub compliance evidence skill, but one reported check may create false compliance assurance and the local persistence of security metadata deserves review.

Review before installing if you rely on this for audit decisions. Use a narrowly scoped read-only GitHub token, confirm who can read ~/.openclaw/grc/compliance.sqlite, and do not treat the force-push prevention result as authoritative until the check is fixed or independently verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
80% confidence
Finding
The skill exposes executable behavior that requires environment variables and shell command execution, but it does not declare the permissions it needs in a user-facing, policy-style way beyond its metadata. This reduces transparency and informed consent, especially because the skill invokes Python scripts and reads a GitHub token from the environment.

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The skill is presented primarily as performing 9 read-only GitHub checks, but it also stores evidence in a shared SQLite database, updates integration state, invokes an external helper script, and performs connection testing. Even if legitimate, this broader behavior increases the attack surface and can mislead users about the skill's local side effects and subprocess execution.

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The check unconditionally records a passing result for force-push prevention without verifying the actual branch protection setting. In a compliance evidence collection skill, this creates false assurance and can cause repositories that permit force pushes to be reported as compliant, weakening governance and audit accuracy.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill mentions evidence storage, but it does not clearly foreground that the collected GitHub security/compliance metadata is persisted locally in a shared SQLite database. This may expose sensitive organizational configuration details, alert summaries, and security posture information to other local users, tools, or backup systems that can read that file.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal