Back to skill

Security audit

Skill Dependencies

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly coherent dependency-management tooling, but its installer can persistently add multiple registry-sourced skills without a separate confirmation step.

Use the scan, tree, search, and conflict commands as normal dependency tools. Before running skill-install.sh, manually review the full dependency set and publisher trust because it can install additional ClawHub skills persistently and may affect future OpenClaw behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises and documents shell-based operations such as running local scripts, but it does not declare permissions or boundaries for that capability. Undeclared shell access increases the chance that an agent or user invokes environment-modifying commands without appropriate review, especially because the documented commands enumerate local filesystem paths and installation actions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
94% confidence
Finding
The stated purpose focuses on dependency analysis, but the content also includes conflict scanning, package installation, registry search, and implied outbound access to a remote registry. That gap matters because users may invoke the skill expecting passive analysis while it can perform active environment modification and network-retrieval behavior, which meaningfully expands the attack surface.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation describes installing skills and auto-resolving dependencies but does not prominently warn that these actions modify the local environment and may pull additional packages. In agent-driven contexts, omission of that warning can lead to silent changes, unintended dependency expansion, or installation of untrusted content from a registry.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script performs package-management style installation actions immediately after dependency resolution, using non-interactive flags such as '--yes' and otherwise invoking install commands without any approval prompt. Because the target skill set is derived from remote metadata and recursive dependency resolution, a user can end up installing additional skills they did not explicitly review, increasing the risk of unintended or malicious code being brought into the environment.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.