OpenClaw Model Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly aligned with model cost management, but its execution mode can spawn persistent agent sessions that write workspace files and retain task data, with no tight limits or clear cleanup controls.

Install only if you want model management plus optional agent orchestration. Use list and plan for low-risk review; run --execute only in a dedicated workspace, avoid sensitive task text unless local retention is acceptable, inspect generated files and kept sessions afterward, and review any routing/config changes before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
try:
    # Try to call model-benchmarks skill
    cmd = ["python3", "skills/model-benchmarks/scripts/run.py", "recommend", "--task", task_type, "--format", "json"]
    result = subprocess.run(cmd, capture_output=True, text=True, cwd=os.path.expanduser("~/.openclaw/workspace"))

    if result.returncode == 0:
        data = json.loads(result.stdout)
Confidence
84% confidence
Finding
result = subprocess.run(cmd, capture_output=True, text=True, cwd=os.path.expanduser("~/.openclaw/workspace"))

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README advertises parallel sub-agent execution and persistent writes to `swarm_memory.json` but does not warn users that running the skill may spawn additional local sessions/processes and retain task-related data on disk. In an agent skill context, omitted disclosure increases the chance that users invoke execution mode without understanding resource consumption, privacy implications, or the persistence of potentially sensitive task contents.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill documents an `enable` command that automatically changes OpenClaw routing/configuration, but it does not clearly warn users that persistent behavior will be modified. This can lead to unintended model selection, cost, quality, or privacy consequences because future tasks may be silently routed differently after the command is run.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The role templates direct the agent to create or modify files in the workspace, but they provide no constraints on when these actions are allowed, what paths are in scope, or whether user confirmation is required. In a multi-role skill, this can lead to unintended file creation or overwriting, especially if an untrusted task_description influences what the agent decides to generate.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
Several templates instruct the agent to use a write tool to create files, but they do not warn the user that the skill will modify the workspace or describe the extent of those changes. This reduces user awareness and consent, increasing the chance of surprising or unsafe file mutations, including overwriting important project files during normal use.

VirusTotal

65/65 vendors flagged this skill as clean.
