Skill

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it enables ongoing third-party telemetry and stores secrets with too little upfront control or privacy detail.

Review before installing if your agent handles private prompts, customer data, proprietary code, or regulated information. Confirm what diagnostics-otel sends, how to disable collection and the daily schedule, keep openclaw.json and ~/.openclaw/.env out of version control, and inspect each proposed diff before applying or reverting fixes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium (95% confidence)
Finding
The skill claims that only metadata is sent and that message content is not transmitted, but the setup merely enables a generic diagnostics/OTel plugin and does not enforce field-level redaction or content exclusion. This can mislead users into consenting to telemetry under false assumptions, creating a real risk of sensitive prompt, response, or trace content being exfiltrated to the vendor.

Missing User Warnings

Medium (97% confidence)
Finding
The skill initiates external authentication and telemetry setup on first activation without an upfront warning that agent trace data will be sent to third-party endpoints. Even if the feature is legitimate, silently enabling outbound observability changes the user's privacy and trust boundary and can expose operational metadata without informed consent.

Missing User Warnings

Medium (96% confidence)
Finding
The skill directs storage of an API key in both project and home configuration files without first warning the user about local credential persistence and exposure risks. Writing secrets into repo-adjacent files and user env files can lead to accidental commits, local disclosure, or reuse by other tools if file permissions and secret-handling practices are not controlled.

Missing User Warnings

Low (90% confidence)
Finding
The skill schedules daily automated briefing checks, which create recurring background network activity, but does not clearly warn the user beforehand. Persistent autonomous polling can surprise users, leak usage patterns, and expand the attack surface if the external service or credentials are later compromised.

VirusTotal

VirusTotal findings are pending for this skill version.
