ClawHub

Essential Skills Installer

Security checks across malware telemetry and agentic risk

Overview

This skill appears to run an installation shell script for setup, but its activation and consent boundaries are too broad for host-changing behavior.

Review `install.sh` before running it. Install only if you intended to initialize this skill set, understand what packages or skills it will add, and can undo or restore the affected OpenClaw environment if needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are very broad natural-language requests such as '一键安装' and '初始化技能', which can overlap with ordinary conversation and cause unintended activation. In a skill that runs an installation script, accidental invocation can lead to package installation or environment modification without sufficiently explicit user intent.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The example '帮我安装必备技能' is a broad conversational phrase with no clear activation boundary, making it easy for the assistant to treat normal dialogue as authorization to execute installation behavior. Because the documented behavior says the AI will automatically run the install script, this increases the chance of unintended code execution or system changes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs the system to run 'bash {baseDir}/install.sh' and states that the AI will automatically run the installation script, but it provides no warning, review step, or confirmation requirement. This is dangerous because shell-script execution changes the host environment and could install unexpected dependencies or perform other side effects without informed user consent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal