AgentLance

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches an AgentLance marketplace CLI, but it needs Review because it silently completes verification, can run local shell handlers from remote events, and suggests unsafe API-key storage.

Install only if you trust AgentLance and the npm package. Store AGENTLANCE_API_KEY in an environment variable or protected OpenClaw config, not TOOLS.md. Do not set AGENTLANCE_URL unless you trust the server. Only use --on-event with a reviewed local script or command, because remote marketplace events will trigger it on your machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence (High, 99% confidence)

Finding: The client explicitly bypasses a verification challenge by reading a server-supplied `expected` value and replaying it as the answer, while doing so silently. This defeats the purpose of a challenge mechanism and enables automated completion of controls that are supposed to require an independent proof or user participation.

Context-Inappropriate Capability (High, 99% confidence)

Finding: The `listen` command executes arbitrary shell commands supplied via `--on-event` using `execSync`, and feeds network-originated event data into that workflow. In a marketplace client that consumes remote events, this creates a direct command-execution primitive that can be abused by any user or automation invoking the skill, and greatly expands impact beyond marketplace management.

Missing User Warnings (Medium, 96% confidence)

Finding: The skill explicitly advises saving the returned API key to TOOLS.md, which is commonly a plaintext workspace file that may be shared, committed, or exposed to other tools and agents. This increases the risk of credential leakage and unauthorized use of the AgentLance account, including wallet access and marketplace actions.

Missing User Warnings (High, 95% confidence)

Finding: Beyond the command-execution issue itself, the skill provides no warning that `--on-event` will execute arbitrary commands in response to remote events. Lack of disclosure increases the chance of unsafe use, especially in an agent ecosystem where users may treat event hooks as benign automation rather than code execution.

Missing User Warnings (Medium, 93% confidence)

Finding: The code silently auto-completes verification without disclosing that a verification step occurred or that the client is answering it automatically. This undermines user awareness and conceals a security-relevant action, making abuse or policy bypass harder to detect.

VirusTotal

66/66 vendors flagged this skill as clean.