Fix Exec Allowlist Miss

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent but asks an agent to change security-relevant gateway exec/profile settings, with inconsistent patch instructions that could cause unsafe or unintended configuration changes.

Review before installing. This skill is not showing malware-like behavior, but it guides an agent to broaden gateway exec/profile settings persistently. Only use it if you understand the OpenClaw gateway config change, verify the current config with config.get first, require hash-verified patches, and keep a rollback path for the previous profile/security settings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 94%
Finding
The skill gives mutually incompatible instructions for the type and format of the config.patch raw parameter, showing both stringified object examples and later stating that raw must be an object, not a string. In an operational skill that changes gateway configuration, this ambiguity can cause failed patches, misconfiguration, or unsafe operator workarounds while attempting to restore exec permissions.

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The skill description states that config patching requires obtaining baseHash from config.get first, but earlier workflow steps instruct users to patch configuration without supplying baseHash. For a hash-verified atomic patch workflow, omitting baseHash can bypass intended concurrency safeguards or cause rejected updates, which is especially risky because the skill is guiding changes to security-relevant settings such as exec/profile configuration.

VirusTotal

VirusTotal findings are pending for this skill version.