skill-1

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it can install and uninstall 1Panel applications, including batch removals, without built-in confirmation or preview safeguards.

Install only if you trust this skill to administer your 1Panel server. Use a least-privilege API key if possible, verify how OpenClaw stores the saved key, and avoid using this against production systems unless the agent workflow requires explicit human confirmation before install, uninstall, or batch uninstall actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
80% confidence
Finding
The skill documentation explicitly instructs users to provide and persist API credentials via environment variables and a gateway config file, but no declared permissions are shown for accessing environment-backed secrets or persisted configuration. This creates a trust and transparency gap: users and reviewers cannot clearly see that the skill handles sensitive configuration material, which increases the chance of accidental overexposure or misuse.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill describes uninstalling applications as a normal workflow without an explicit warning that removal may be destructive, irreversible, or service-impacting. In an app management context, this can lead to accidental deletion of running services or dependent applications if the agent executes user requests too eagerly.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The instructions tell users to persistently store a 1Panel API key in gateway configuration without clearly warning that this is sensitive credential material. Persisting API keys without clear handling guidance increases the risk of credential leakage through config files, backups, logs, or overly broad filesystem access.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The installApp function performs a state-changing action that installs software based entirely on provided inputs, with no built-in confirmation, policy check, or safety gating. In an agent skill context, this is risky because an LLM or upstream automation could trigger package installation from ambiguous or manipulated user requests, causing unauthorized software deployment.

Missing User Warnings

High
Confidence
97% confidence
Finding
The uninstallApp function issues a destructive delete operation immediately after receiving an installId, without any confirmation, preview, or safeguard. In an agent-operated app store skill, this creates a high-risk path for accidental or adversarial prompts to remove installed applications, potentially causing service disruption or loss of required functionality.

Missing User Warnings

High
Confidence
98% confidence
Finding
The batchUninstallByName function magnifies the risk by mapping user-provided names to installed apps and deleting them in a loop, again with no confirmation or review step. This enables broad destructive impact from a single mistaken or malicious instruction, making prompt injection, misunderstanding, or name ambiguity significantly more dangerous in this skill’s context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill accepts an API key and states that the configuration will be persistently saved, but it provides no user-facing warning that a sensitive credential is being stored for future sessions. This can cause users to disclose high-privilege secrets without understanding retention, increasing the chance of credential misuse or compromise if storage is weak.

Missing User Warnings

High
Confidence
96% confidence
Finding
The uninstall tool performs a destructive system action with no explicit confirmation, warning, or dry-run behavior. If triggered accidentally, through ambiguous user intent, or via prompt-manipulated workflow, it can remove deployed applications and cause service outage or data loss.

Missing User Warnings

High
Confidence
97% confidence
Finding
Batch uninstall by ID enables multiple destructive changes in a single action without any confirmation or guardrails. A mistaken ID list, coerced agent action, or malicious instruction chain could remove several applications at once, amplifying outage and recovery impact.

Missing User Warnings

High
Confidence
98% confidence
Finding
Batch uninstall by name is especially risky because names may be ambiguous and the operation is destructive at scale, yet the tool lacks any confirmation or preview of what will be removed. This increases the chance of unintended deletions and makes prompt-driven misuse more damaging.

VirusTotal

66/66 vendors flagged this skill as clean.
