Security Hardener

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local OpenClaw security auditing tool whose write actions are user-invoked and purpose-aligned, with operational cautions around auto-fix behavior.

Install this only if you want a local OpenClaw configuration hardening helper. Start with the read-only audit or report commands, review the exact findings, and run fix only when you are comfortable with persistent changes to gateway binding, auth options, exec sandboxing, and file permissions. Treat reports and backup files as sensitive because they can reveal security posture and may include original configuration contents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 92%
Finding: The skill advertises and instructs use of capabilities that can read configs, write fixes, and invoke shell commands, but it does not declare permissions. That mismatch undermines transparency and policy enforcement, making it easier for a caller to trigger filesystem changes or command execution without an explicit trust signal.

Missing User Warnings

Medium
Confidence: 85%
Finding: The auto-fix path modifies the configuration and file permissions immediately, without interactive confirmation, dry-run support, or validation of whether changes are safe for the current deployment. In a security-hardening tool, this can cause unintended denial of service or misconfiguration by forcing settings like loopback binding and restricted sandboxing in environments that rely on different values.

VirusTotal

64/64 vendors flagged this skill as clean.
