ClawHub

Fact Cross Check

Security checks across malware telemetry and agentic risk

Overview

This is a coherent fact-checking skill that only instructs the agent to use built-in web search/fetch tools, though its activation wording is broad enough to trigger more often than some users may expect.

Install this if you are comfortable with verification or discovery prompts being sent to your configured OpenClaw web search provider. Avoid using it for confidential private claims, internal business details, or sensitive personal information unless that provider is acceptable for those queries.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
91% confidence
Finding
The README states the skill activates automatically for broadly phrased requests like fact verification or cross-checking, but does not clearly constrain scope, required user intent, or safety boundaries. Overly broad activation can cause the skill to trigger in unintended contexts, potentially routing sensitive, ambiguous, or higher-risk requests into web search/fetch workflows without sufficiently specific user consent or task narrowing.

Vague Triggers

High
Confidence
92% confidence
Finding
The trigger list includes very common terms such as 'verify', 'find and verify', and especially broad Chinese terms like '尋找' and '搵' that can appear in many ordinary requests. This can cause unintended skill activation, sending user queries to web_search/web_fetch and changing agent behavior when the user did not specifically intend to invoke this skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal