ClawHub

Crash Snapshots

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real local backup skill, but its install path and automation claims need review before use.

Install only after reviewing the repository contents and install.sh yourself. Prefer a pinned release or commit, avoid global npm changes unless you accept them, and confirm exactly when backups run and where backup copies are stored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill advertises and demonstrates shell-based installation and execution but does not declare corresponding permissions. This creates a transparency and policy-enforcement gap: users or the hosting platform may treat the skill as lower-risk than it is, while it can still invoke shell commands such as curl, tar, cp, rm, ls, and node.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The skill claims automatic backup before every write/edit, but the documentation only shows manual invocation or reliance on external hook configuration, and the backup location is per-file-directory rather than a single central path. This mismatch can cause users to assume protections exist when they do not, increasing the chance of silent data loss during edits or crashes.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The installer performs a global npm installation of `tsx`, which modifies the host environment beyond the narrow purpose of a file-backup skill. Even if intended for convenience, global package installation introduces supply-chain and system-integrity risk, especially when the skill is advertised as a simple backup utility and may be run via `bash <(curl ...)`.

Missing User Warnings

Low
Confidence
80% confidence
Finding
The script performs system-modifying actions (`npm install -g` and `chmod +x`) without an explicit upfront warning or confirmation. This is risky because users may execute the installer expecting a local skill setup, while it silently changes global tooling and file permissions on their machine.

Chaining Abuse

High
Category
Tool Misuse
Content
## 🚀 一键安装

```bash
mkdir -p ~/.openclaw/skills && cd ~/.openclaw/skills && curl -fsSL https://github.com/olveww-dot/openclaw-hermes-claude/archive/main.tar.gz | tar xz && cp -r openclaw-hermes-claude-main/skills/crash-snapshots . && rm -rf openclaw-hermes-claude-main && echo "✅ crash-snapshots 安装成功"
```
## 使用方式
Confidence
90% confidence
Finding
&& rm -

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal