ClawHub

@blasrodri/clawguard

Security checks across malware telemetry and agentic risk

Overview

ClawGuard’s budget and DLP behavior mostly matches its stated purpose, but it ships a setup helper that can directly grant OpenClaw operator privileges and clear pending approvals.

Review this carefully before installing. The governance features are plausible and VirusTotal/static scan were clean, but do not run any setup helper unless you intentionally want it to change OpenClaw device authorization files. If you install it, configure DLP/audit settings deliberately, check where audit and budget files are written, and avoid enabling webhook notifications unless you are comfortable sending budget/security event metadata to that URL.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This script directly edits OpenClaw's authoritative local device state to add privileged scopes (`operator.write`, `operator.pairing`) and then clears `pending.json`, effectively bypassing the normal approval workflow. In a setup/post-install context this is especially dangerous because it silently escalates local agent privileges and suppresses outstanding approvals without an explicit user confirmation or integrity check.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The manifest explicitly requests conversation access and advertises DLP scanning plus audit logging, which implies inspection and possible retention of user prompts and model outputs. Without any user-facing disclosure or consent mechanism in the manifest, sensitive data may be collected unexpectedly, creating privacy, compliance, and trust risks even if the plugin’s stated purpose is defensive.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal