ClawHub

Reason

Security checks across malware telemetry and agentic risk

Overview

This is a local reasoning helper that clearly discloses saving decision notes locally and shows no network, credential, or destructive behavior.

Install only if you are comfortable with decision details and factor lists being saved locally in the OpenClaw workspace. Avoid entering highly sensitive personal, medical, legal, financial, or business details unless you plan to manage or delete the local memory file, and verify workflows beyond decision analysis because several referenced helper scripts are not included.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill declares no permissions while explicitly describing local file reads/writes under memory/reason/*. That mismatch can bypass user and platform expectations about data access, especially because the stored content includes personal decisions and reasoning history. In this context, undisclosed persistence is security-relevant even if it is only local storage.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The skill description promises logical analysis but the referenced behavior includes persistent storage, IDs/timestamps, and weak or nonfunctional analysis features that are not disclosed to the user. This is dangerous because users may provide sensitive personal or strategic information under the assumption of private, meaningful analysis, while the implementation instead retains data and may provide misleading outputs. The privacy claims in the skill make the mismatch more serious because they encourage trust.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script's stated purpose is decision analysis, but it also stores the user's decision text and factors in a persistent local memory file under the user's home directory without clear disclosure or consent. Decisions often contain sensitive personal, business, or strategic information, so this creates a confidentiality and privacy risk if users do not expect retention or if other local processes/users can access the file.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal