ClawHub

Sun Path & Environmental Analysis

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform the advertised solar, shadow, terrain, and comfort calculations, with ordinary caution needed for local script execution and generated files.

Install only if you are comfortable letting OpenClaw run the bundled Python analysis scripts. Use a virtual environment, consider pinning dependency versions, keep outputs in /tmp or OpenClaw media directories with unique names, and avoid sending sensitive site or DEM-derived images through Telegram unless that sharing is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Tp4

High
Category
MCP Tool Poisoning
Confidence
86% confidence
Finding
The declared description is narrower than the documented behavior: the skill also performs annual simulation, DEM/GeoTIFF processing, and raster file I/O. That mismatch is security-relevant because it can cause users or reviewers to underestimate file access patterns, runtime cost, and the kinds of local data the skill can process.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The invocation guidance uses broad categories such as 'when the user asks for sun position, sun path diagram, shadow...' and directs automatic execution, which can cause the agent to run shell commands on loosely matched requests. In a skill with `shell:exec`, ambiguous triggers increase the chance of unintended command execution and unnecessary file creation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly instructs the agent to run scripts directly with `exec`, write files into allowed directories, and not ask for confirmation. While not inherently malicious, this removes a safety checkpoint around shell execution and filesystem writes, increasing the risk of unintended operations, misuse of user-supplied paths, or silent persistence of generated artifacts.

Session Persistence

Medium
Category
Rogue Agent
Content
## Sending images to Telegram

Used from the OpenClaw Telegram conversation. Scripts that produce images (`plot_sunpath.py`, `shadow_calc.py`, `comfort_calc.py`, `annual_sun_hours.py --output`, `terrain_shadow.py --plot`) write PNG/JPG to the path you pass. Run the script with an `--output` (or `--plot` and use the script’s default image path), then **send that image file** to the user via the OpenClaw message/media tool so they see it in chat.

**OpenClaw allowed paths:** The message tool only sends files from allowed dirs (`~/.openclaw/media/`, `~/.openclaw/agents/`, or `/tmp`). Always pass an output path under one of these (e.g. `--output ~/.openclaw/media/sunpath.png` or `/tmp/shadow.png`); do not use the skill install directory or sending will fail.
Confidence
84% confidence
Finding
write PNG/JPG to the path you pass. Run the script with an `--output` (or `--plot` and use the script’s default image path), then **send that image file** to the user via the OpenClaw message/media to

Unpinned Dependencies

Low
Category
Supply Chain
Content
pysolar
matplotlib
pytz
shapely
Confidence
95% confidence
Finding
pysolar

Unpinned Dependencies

Low
Category
Supply Chain
Content
pysolar
matplotlib
pytz
shapely
numpy
Confidence
95% confidence
Finding
matplotlib

Unpinned Dependencies

Low
Category
Supply Chain
Content
pysolar
matplotlib
pytz
shapely
numpy
psychrolib
Confidence
95% confidence
Finding
pytz

Unpinned Dependencies

Low
Category
Supply Chain
Content
pysolar
matplotlib
pytz
shapely
numpy
psychrolib
rasterio
Confidence
95% confidence
Finding
shapely

Unpinned Dependencies

Low
Category
Supply Chain
Content
matplotlib
pytz
shapely
numpy
psychrolib
rasterio
Confidence
98% confidence
Finding
numpy

Unpinned Dependencies

Low
Category
Supply Chain
Content
pytz
shapely
numpy
psychrolib
rasterio
Confidence
95% confidence
Finding
psychrolib

Unpinned Dependencies

Low
Category
Supply Chain
Content
shapely
numpy
psychrolib
rasterio
Confidence
96% confidence
Finding
rasterio

Known Vulnerable Dependency: numpy — 10 advisory(ies): CVE-2014-1859 (Numpy arbitrary file write via symlink attack); CVE-2021-41495 (NumPy NULL Pointer Dereference); CVE-2021-33430 (NumPy Buffer Overflow (Disputed)) +7 more

Critical
Category
Supply Chain
Confidence
93% confidence
Finding
numpy

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal