add-agent

Security checks across malware telemetry and agentic risk

Overview

This skill does what it describes, but it makes persistent configuration changes and copies authentication material to a newly created agent without sufficient safeguards.

Install only if you intentionally want a skill that can create OpenClaw agents and modify local OpenClaw configuration. Review the generated commands and openclaw.json diff before execution, use trusted parameter values only, and prefer separate least-privilege credentials for the new agent instead of copying the main agent auth profile wholesale.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 95%

Finding
The trigger is overly broad and allows the skill to activate on loosely similar user phrasing, which increases the chance of accidental execution of a high-impact administrative workflow. In this skill, activation leads to creating a new agent, modifying configuration, copying auth material, and provisioning a Telegram bot binding, so ambiguous invocation materially raises the risk of unintended system changes.

Missing User Warnings

Severity: High
Confidence: 98%

Finding
The skill silently copies auth-profiles.json into the new agent without prominently warning the operator that credentials or authentication context are being duplicated. This expands secret exposure and privilege reach to a newly created agent, potentially enabling unauthorized access, lateral movement, or abuse if the new agent is misconfigured, compromised, or created from an ambiguous request.

Missing User Warnings

Severity: Medium
Confidence: 93%

Finding
The skill performs destructive administrative actions (backing up and then modifying openclaw.json, creating directories, and later overwriting persona/workspace files) without clearly warning the user up front about these side effects. In context, the danger is elevated because the workflow changes system state across multiple files and services, so a mistaken run can break configuration, overwrite intended content, or create unauthorized operational agents.

VirusTotal

64/64 vendors flagged this skill as clean.
