ClawHub

.Chef Complete Test

Security checks across malware telemetry and agentic risk

Overview

This looks like a recipe-generation skill, but its package is incomplete and its installer has local filesystem side effects that users should review before installing.

Treat this as a Review item, not known malware. Before installing, wait for or inspect a complete package that includes the missing recipe scripts, and be aware that the installer may write local files, change executable permissions, and copy the skill into your OpenClaw skills directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares no explicit permissions while advertising shell-based installation via `./install.sh`, which creates an undeclared capability gap. This is dangerous because users and hosting platforms may trust the benign cooking description while the skill can execute local commands and modify the filesystem during install.

Tp4

High
Category
MCP Tool Poisoning
Confidence
96% confidence
Finding
The documented purpose is recipe generation, but the referenced behavior includes deployment into `$HOME/.openclaw/workspace/skills`, permission changes, file creation, and directory copying. This mismatch is risky because it hides operational side effects behind an innocuous skill category, increasing the chance of users consenting to broader local changes than expected.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation instructs users to run an installation script without clearly warning about system modifications. This is dangerous because shell installers can alter files, permissions, and directories, and lack of disclosure undermines informed consent for local changes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal