node-llama-cpp Installation Guide

Security checks across malware telemetry and agentic risk

Overview

The skill is a troubleshooting guide, but it asks users to persistently edit installed OpenClaw files and remove a whitelist without enough scoping, warning, or rollback guidance.

Review this before installing in a managed OpenClaw environment. Use supported OpenClaw configuration mechanisms where possible, get approval before routing memorySearch to the remote embedding endpoint, and do not remove whitelists or edit Program Files/dist artifacts unless you have a documented rollback plan and understand the support and security impact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The guide instructs users to modify built application code to remove an `agents.defaults` whitelist, which weakens an existing security/control boundary and expands what configuration can be injected or honored by the application. In a skill context, normalizing direct edits to distributed JS under `Program Files` creates a pathway for policy bypass, persistence across troubleshooting steps, and unintended enablement of unsafe agent capabilities.

Missing User Warnings

Medium
Confidence: 91%
Finding
The document recommends editing system-level files in installation paths and altering application behavior without warning about integrity, supportability, rollback, or recovery risks. This is dangerous because users may disable protections, break update guarantees, or leave hard-to-audit local modifications in privileged locations.

Missing User Warnings

Medium
Confidence: 88%
Finding
The remote embedding configuration directs memory search traffic to an external/internal API endpoint but does not clearly warn that prompts, memory contents, or embeddings may be transmitted off-host. In an enterprise environment, this can cause unreviewed data egress, privacy violations, or policy noncompliance if sensitive content is embedded remotely.

VirusTotal

64/64 vendors flagged this skill as clean.
