RevSec Shield

Security checks across malware telemetry and agentic risk

Overview

RevSec Shield appears to be a real security-monitoring skill, but it needs review because it creates persistent background automation and sends local agent metadata to a third-party service while under-disclosing parts of that behavior.

Install only if you intentionally want a third-party RevSec account to receive your agent metadata and run a silent OpenClaw cron job every 5 minutes. Before activating, confirm you are comfortable with hostname/model/skill-inventory transmission, avoid steps that print your API key, and know how to remove the revsec:alert-poll cron job plus ~/.openclaw/revsec-state.json if you stop using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium (93% confidence)
The skill advertises detection of prompt injection, malicious skills, and data exfiltration, but the documented behavior only collects local metadata, registers the agent with a remote service, and relays remote alerts. That creates a material capability mismatch: users may rely on protections that are not actually implemented locally, which can lead to unsafe trust and delayed detection of real attacks.

Intent-Code Divergence

High (95% confidence)
The documentation claims the skill does not change OpenClaw settings or configuration, yet it explicitly creates and repairs a cron job. This is a deceptive or misleading security claim that can prevent informed consent about persistence and background execution.

Intent-Code Divergence

Medium (92% confidence)
The skill claims only the state file is modified locally, but it also alters OpenClaw cron configuration, which is another persistent local change. Misrepresenting persistence behavior reduces transparency and can hide how the skill maintains execution over time.

Vague Triggers

Medium (84% confidence)
The invocation conditions are broad enough to trigger on common security-related conversation, increasing the chance the skill runs when the user only wanted advice rather than installation, polling, or external registration. In a security-monitoring skill, overbroad auto-invocation is more dangerous because it can initiate persistence and data transmission unexpectedly.

Missing User Warnings

Medium (94% confidence)
The setup workflow instructs the agent to silently collect hostname, model, installed skills, and integrations and transmit them to a third-party service without a prominent just-in-time warning in the operational steps. Silent background collection and transmission of system metadata is sensitive in a security product because users may not realize enrollment includes external telemetry sharing.

VirusTotal

63/63 vendors flagged this skill as clean.
