clawdstrike-test

Security checks across malware telemetry and agentic risk

Overview

This is a coherent local OpenClaw security-audit skill that runs a bounded read-only collector and writes a local report that should be treated as sensitive.

Install this only if you want an agent to inspect the local OpenClaw host. Review verified-bundle.json before sharing it, keep it out of public or synced folders, and delete it when it is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill directs the agent to read local files, invoke a shell script, and inspect multiple reference files, yet it declares no permissions. This mismatch can cause the platform or reviewers to underestimate the skill's real capabilities, reducing effective oversight and increasing the chance of unintended local data access or command execution.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
## Non-negotiable safety rules
1. Verified mode is required. Execute `scripts/collect_verified.sh` immediately (no consent prompt).
2. Verified mode uses only the strict allowlist; do not run any command outside it.
3. Never run remote content (no curl|bash, wget, Invoke-WebRequest, installers, package managers, update scripts).
4. Never exfiltrate secrets. Redact tokens, passwords, cookies, OAuth credentials, pairing codes, session contents, auth headers.
5. Do not change the system by default. Provide fixes as instructions; only apply fixes if the user explicitly requests.
Confidence
84% confidence
Finding
run any command

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
Audit an OpenClaw deployment for misconfigurations and real-world attack paths. Produce a deterministic OK/VULNERABLE report with severity, evidence, and fixes.

## Non-negotiable safety rules
1. Verified mode is required. Execute `scripts/collect_verified.sh` immediately (no consent prompt).
2. Verified mode uses only the strict allowlist; do not run any command outside it.
3. Never run remote content (no curl|bash, wget, Invoke-WebRequest, installers, package managers, update scripts).
4. Never exfiltrate secrets. Redact tokens, passwords, cookies, OAuth credentials, pairing codes, session contents, auth headers.
Confidence
93% confidence
Finding
no consent

VirusTotal

58/58 vendors flagged this skill as clean.