Secure Configuration Workflow

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly a legitimate OpenClaw configuration helper, but it gives an agent broad authority to modify live config and persist learned config values without clear secret-redaction limits.

Install only if you want an agent to help manage OpenClaw configuration. Before using it, require explicit confirmation for every change, especially auth/session/model settings, and instruct the agent not to store secrets, tokens, hostnames, user-specific paths, raw diffs, or credential-like values in MEMORY.md. Review doctor --fix changes and backups before relying on the repaired configuration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill instructs the agent to persist learned configuration details into MEMORY.md after running repairs. Persistent cross-task memory can retain sensitive configuration values, tokens, endpoint details, or operational patterns beyond the immediate user request, expanding data exposure and violating least-retention principles. In this context, config workflows commonly touch authentication and gateway settings, which makes persistent logging more dangerous than ordinary note-taking.

Vague Triggers

Medium
Confidence: 83%
Finding
The trigger conditions include broad phrases like modifying configuration, gateway settings, channel configuration, model/session/auth configuration, and anything involving the OpenClaw config path. Over-broad activation can cause the skill to engage on loosely related requests and perform high-impact config operations, confirmations, logging, and repair steps in situations the user may not have intended. Because this skill can edit local config and invoke repair commands, mistaken activation materially increases risk.

VirusTotal

66/66 vendors flagged this skill as clean.
