Auto Security Audit

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed security-audit skill whose scanning, reporting, and optional scheduling match its stated purpose, though users should handle reports and dependency installation carefully.

Install and run this only on systems you own or are authorized to test. Verify the nuclei download before placing it in /usr/local/bin, protect the generated reports under the OpenClaw workspace, and enable the cron or Feishu/Lark summary workflow only if recurring scans and external notification delivery are intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def run(cmd, timeout=120):
    try:
        r = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)
        return r.stdout + r.stderr
    except subprocess.TimeoutExpired:
        return "[TIMEOUT]"
Confidence
95% confidence
Finding
r = subprocess.run(cmd, shell=True, capture_output=True, text=True, timeout=timeout)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Security scan results can contain sensitive host details, open ports, software versions, vulnerabilities, login history, and patch status. Promoting scheduled scans and report delivery without warning about storage, access control, and transmission sensitivity can lead to inadvertent leakage of reconnaissance-grade data.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script performs intrusive local and external security scans, inspects system configuration, login history, firewall rules, listening services, and package status, then writes a consolidated report to disk without any consent gate, authorization check, or warning. In an agent skill context, this creates a privacy and operational risk because it can expose sensitive host and network information and trigger unauthorized scanning behavior.

VirusTotal

64/64 vendors flagged this skill as clean.
