ClawHub

OpenClaw Contributor

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent OpenClaw contribution helper with expected local repo inspection and PR-prep scripts, and no evidence of hidden persistence, exfiltration, or destructive behavior.

Install if you want OpenClaw-specific contribution workflow help. Before running recommended build/test commands in any checkout, review the repo state and scripts as you normally would, and only use the optional PR-body output path where you intend to write a file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to run repository scripts and build/test commands, which clearly require shell execution and may lead to file modifications, yet it declares no permissions. This creates a capability/permission mismatch that can bypass user expectations and platform safety controls, especially because the commands are run against a target checkout and include diff-aware helper scripts.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The example trigger phrase "Help me contribute a fix to openclaw/openclaw." is broad enough to match ordinary repository-assistance requests, which can cause the skill to activate in situations beyond the narrow OpenClaw contribution workflow it was designed for. Over-broad activation increases the chance of unintended instruction injection into unrelated tasks, even though the README itself does not contain obviously malicious behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal