Eval

Security checks across malware telemetry and agentic risk

Overview

This eval skill fits its stated purpose overall, but it reads sensitive workspace data, uses stored credentials, sources a local context file, and creates ongoing feedback records without clear user control.

Install only if you want a broad PA evaluator that can inspect OpenClaw workspace data and perform live credentialed service checks. Before using it, narrow the trigger phrases, remove or constrain .context sourcing, require confirmation before external API checks, and make feedback logging plus weekly saved eval files opt-in with clear retention and deletion rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium (94% confidence)

Finding: The skill is presented as an evaluation/reporting capability, but it also instructs the agent to automatically log feedback signals and save weekly eval files. That expands behavior from read-only assessment into persistent data collection and modification, which can surprise users, create retention risk, and violate least-privilege expectations for an 'eval' skill.

Context-Inappropriate Capability

Medium (92% confidence)

Finding: The owner-feedback logging section directs the system to monitor reactions, corrections, repeated questions, and user behavior, then record those signals automatically. This is a data collection and profiling feature that is only loosely related to producing an evaluation report, making it a privacy-relevant overreach.

Vague Triggers

Medium (88% confidence)

Finding: Trigger phrases like 'check everything' and 'rate yourself' are broad enough to match normal conversation and may invoke the skill unintentionally. In this skill, accidental activation matters because the workflow reaches into tasks, memory, billing, integrations, and external APIs, widening the blast radius of a misfire.

Missing User Warnings

Medium (91% confidence)

Finding: The skill describes automatic retention of owner feedback and evaluation artifacts without any user-facing warning that data will be stored. Silent retention of interaction history can create privacy, compliance, and trust issues, especially when the content includes performance judgments and behavior-derived signals.

Ssd 3

Medium (93% confidence)

Finding: The instructions create a natural-language surveillance channel by directing the agent to continuously interpret and retain details about owner reactions and behavior. Even if intended for quality tracking, this expands personal data collection beyond the immediate task and increases the risk of overcollection and misuse.

VirusTotal

VirusTotal findings are pending for this skill version.