OpenClaw Expert Brain

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed OpenClaw help tool that sends user questions to NotebookLM through the nlm CLI, with no evidence of hidden persistence, destructive behavior, or unrelated data access.

Install only if you are comfortable using the external notebooklm-mcp-cli package and a Google/nlm session for NotebookLM queries. Use it for OpenClaw documentation questions, avoid sending secrets or private data in prompts, and verify important security or operational advice against primary sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding
The skill invokes `python3` and depends on the `nlm` CLI, which gives it shell execution and likely access to environment-derived configuration, yet no explicit permissions are declared. This creates a trust and review gap: operators may enable the skill without realizing it can execute commands and consume credentials or config from the runtime environment.

Vague Triggers

Medium
Confidence: 88%
Finding
The activation phrases include very generic terms like `help`, `ayuda`, `manual`, `how to`, `error`, and `no funciona`, which are likely to match many unrelated conversations. Over-broad triggering can cause the skill to activate unexpectedly and run external tooling, increasing exposure of user queries to the `nlm` backend and causing unintended command execution paths.

Missing User Warnings

Medium
Confidence: 86%
Finding
User-supplied questions are forwarded to an external CLI/service without any disclosure in this file that the content leaves the local process boundary. In a security-sensitive agent skill, this can expose secrets, proprietary data, or regulated information if users assume questions are handled locally.

VirusTotal

65/65 vendors flagged this skill as clean.