
Security audit

OpenClaw Security PII Audit

Security checks across malware telemetry and agentic risk

Overview

This is a local PII-auditing skill whose sensitive behavior is disclosed and aligned with its purpose.

Install this only if you want local PII auditing over session-related content. Protect the audit directory because it stores masked PII previews and hashes, use --no-cache when you need full scan coverage, and reserve --delete-after-read for temporary files you are comfortable removing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding:
The skill advertises and instructs use of file I/O, shell execution, environment-variable configuration, and file deletion, yet no permissions are declared. That creates a trust and review gap: operators may approve the skill as low-privilege while it actually reads, writes, and deletes local files and invokes Python scripts, increasing the chance of unsafe deployment or misuse.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 95%
Finding:
The declared purpose says this is an async PII detector, but the documentation reveals materially broader behavior: persistent local logging, cache-based sampling that can skip scans, cleanup deletion, and deletion of supplied files. This mismatch is dangerous because users may believe they are getting comprehensive security scanning while some content is intentionally skipped, and they may not expect local retention or destructive file operations involving sensitive data.

VirusTotal

67/67 vendors flagged this skill as clean.
