
Security audit

Agent Builder

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill helps create OpenClaw agent configuration files and does not install code or send data by itself.

Before using an agent produced by this skill, review the generated AGENTS.md, SOUL.md, HEARTBEAT.md, MEMORY.md, and tool notes. Keep secrets out of the workspace, and only enable heartbeat or high-autonomy behavior when the resulting rules match your intent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Natural-Language Policy Violations

Low
Confidence
94% confidence
Finding
This markdown file is primarily written in English, but line L35 switches to Chinese text with no user opt-in or explanation. That can violate a language/locale policy requiring consistent language choice or explicit localization support.

Natural-Language Policy Violations

Low
Confidence
94% confidence
Finding
Line L45 again introduces Chinese text in a document otherwise presented in English, with no indication that mixed-language output is expected or optional. This creates an avoidable locale inconsistency under natural-language policy requirements.

External Transmission

Medium
Category
Data Exfiltration
Content
### Patterns
*   **MRKL**: Modular Reasoning, Knowledge and Language. A router sends queries to expert modules (calculators, weather APIs).
*   **Toolformer**: Fine-tuning LMs to self-supervise API calls.
*   **Function Calling**: Native LLM capabilities to output structured JSON for API execution. 通过 SkillBoss API Hub (`POST https://api.heybossai.com/v1/pilot`) 可统一路由至 100+ AI 服务,无需管理多个 API Key。

## Common Architectures
Confidence
50% confidence
Finding
https://api.heybossai.com/

VirusTotal

63/63 vendors flagged this skill as clean.
