OpenClaw Smart Agent Hub

Security checks across malware telemetry and agentic risk

Overview

This is a coherent model-routing helper. Its credential configuration and local model discovery behaviour are expected for its purpose, but users should review both before use.

Before installing, use environment variables instead of inline API keys, verify config/models.yaml is ignored by Git, review local_discovery endpoints before running the script, and install dependencies in a controlled environment if this is used in a sensitive workspace.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documentation exposes operational commands and capabilities that imply environment access, file reads/writes, and network interactions, but the skill declares no permissions. This creates a trust and review gap: users or hosting platforms may treat the skill as low-privilege while it can manage provider configs, scan local services, and contact external model providers. In a multi-provider routing skill, undeclared network and local file capabilities are especially relevant because they may touch API keys, configuration files, and local service endpoints.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The README instructs users to run automatic local model scanning but does not clearly warn that the action will actively probe localhost services and enumerate locally exposed model endpoints. In this skill’s context, that behavior is expected functionality rather than overtly malicious, but the lack of disclosure can surprise users and lead to unintended interaction with locally running services.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The local model scan performs outbound HTTP requests to configured endpoints and persists discovery results to a cache file without any explicit user notice, confirmation, or access control. In this skill's context, the behavior is expected for provider discovery, but it still creates privacy and transparency risks because scanning can contact arbitrary configured URLs and write potentially sensitive local environment details to disk.

VirusTotal

64/64 vendors flagged this skill as clean.