Agent Hive

Security checks across malware telemetry and agentic risk

Overview

The skill appears legitimate for managing OpenClaw agent teams, but it makes persistent agent, workspace, and service changes while overstating how strongly its budget controls enforce spawn limits.

Install only if you intentionally want a persistent multi-agent OpenClaw setup. Review and back up ~/.openclaw/openclaw.json and existing workspaces first, use simple trusted agent IDs, start with hub-and-spoke permissions where possible, and do not rely on the budget audit as hard enforcement unless you separately verify that allowAgents is actually revoked.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 96%
Finding
The skill declares no required permissions, yet its instructions clearly direct the agent to read and write workspace files, create directories, modify configuration, and create symlinks. This mismatch undermines permission transparency and can cause the skill to perform state-changing filesystem operations without the user or platform being properly alerted to its capabilities.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill contains direct instructions to create directories, write configuration files, create symlinks, modify openclaw.json, and restart a gateway service, but it does not include an explicit warning that these actions alter persistent state and can disrupt running services. In a multi-agent environment, these operations can unintentionally break workspace integrity, corrupt config, or enable broader agent interaction than intended if applied without confirmation and validation.

VirusTotal

66/66 vendors flagged this skill as clean.
