ClawHub

librarian companion

Security checks across malware telemetry and agentic risk

Overview

The skill is a legitimate local-library search helper, but its broad trigger phrases can start shell-backed searches of private library content too easily.

Install only if you intend OpenClaw to search your local Librarian library. Keep the indexed library limited to material you are comfortable exposing in chat, and prefer explicit invocations such as "librarian:" or "librarian search" until the trigger rules are narrowed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The documented trigger phrases are broad and conversational enough that the skill may activate on ordinary user messages rather than an explicit opt-in command. In a search skill, unintended activation can cause misrouting of prompts, unplanned access to local library metadata or search results, and interference with higher-priority skills or normal conversation flow.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger phrase `research` is broad enough to match ordinary conversation and may cause the skill to activate unintentionally. Because the skill can proceed toward shell-backed execution, accidental activation expands attack surface and can route unrelated user text into command/query-building logic that was not intended to run.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The activation rules allow broad topical keywords alone to trigger the skill, which makes over-activation likely in normal dialogue. In a skill that reads metadata and calls a shell wrapper, ambiguous activation can cause unintended file access or command execution attempts on user text that was merely conversational.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal