OpenClaw Config Field Validator

Security checks across malware telemetry and agentic risk

Overview

This appears to be a local OpenClaw config validator; its file reads, cache writes, and version check fit that purpose, with no evidence of hidden data sharing or destructive behavior.

Install from a verified ClawHub source, not the README's placeholder GitHub URL. Use it only on OpenClaw config files you intend to validate, and be aware it may create or update a local schema cache and run openclaw --version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 87%
Finding:
The skill advertises shell, file read, and file write capabilities without declaring permissions, which weakens reviewability and allows users or calling agents to underestimate what it can actually do. In this context, the skill performs local schema syncing, cache writes, and command execution, so the undeclared capability gap creates a real trust and least-privilege problem even if the functionality appears operationally legitimate.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding:
The skill description frames the behavior as configuration-field validation, but the documented workflow includes downloading schema data from GitHub, invoking subprocess/version detection, generating documentation, and writing persistent files under the user's home directory. That mismatch is dangerous because operators may approve or invoke the skill expecting passive validation, while it actually performs broader filesystem, shell, and potentially networked state-changing actions that increase attack surface and supply-chain risk.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The README states the skill 'automatically triggers when working with OpenClaw configurations' without defining exact activation conditions, scope, or guardrails. In agent ecosystems, vague auto-trigger behavior can cause the skill to run in broader contexts than intended, potentially influencing config reads/writes or validation decisions unexpectedly.

VirusTotal

66/66 vendors flagged this skill as clean.
