Imperial Orchestrator

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed multi-model router that makes user-directed API calls and writes local state, with no evidence of hidden exfiltration or destructive behavior.

Install only if you are comfortable with the skill reading your OpenClaw model configuration, using configured API credentials, sending prompts or benchmark tasks to model providers, and storing routing/audit/session files locally. Avoid secrets or regulated data in prompts, use --no-review when you do not want secondary review calls, and point STATE_FILE, AUDIT_FILE, BENCHMARK_FILE, and SESSION_DIR to controlled locations if retention matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence: 87%
Finding
The documentation explicitly directs users to perform real API probes against provider endpoints and write health/state snapshots such as `.imperial_state.json` without a prominent warning about privacy, credential handling, or local filesystem side effects. In a routing skill that reads OpenClaw config and validates models, this can leak provider metadata, persist sensitive operational state, or surprise users with outbound traffic and modified files.

Missing User Warnings

Medium
Confidence: 85%
Finding
The README explicitly instructs users to run scripts that discover models, probe providers, make real API calls, and write `.imperial_state.json`, but it does not clearly warn that these actions can trigger network activity, consume paid API quota, and modify local files. In a model-routing skill, this matters because users may treat setup commands as harmless validation steps when they actually contact external providers and persist state.

Missing User Warnings

Medium
Confidence: 89%
Finding
The README explicitly promotes real API execution, model discovery, validation, routing, and benchmarking across multiple providers, but it does not clearly warn users that task content and prompts may be transmitted to external model vendors. In a multi-provider orchestration skill, users may reasonably assume local routing logic while unknowingly sending sensitive prompts, source code, or operational data to third parties, creating a real privacy and data-handling risk.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README directs users to execute health-check, validation, routing, and shell wrapper commands that explicitly probe models, perform real API calls, and write `.imperial_state.json`, but it does not clearly warn that these actions cause network activity, may incur provider costs, and create local state files. In a skill centered on multi-provider orchestration, this omission is materially risky because users may run the commands during installation or evaluation without understanding the side effects.

Missing User Warnings

Medium
Confidence: 94%
Finding
The executor sends the task and optional system prompt directly to external model provider endpoints, but this file provides no consent gate, redaction, or user-visible disclosure before transmission. In an orchestration tool that may route across multiple third-party providers, this can expose sensitive prompts, credentials, internal data, or regulated content to external services without the operator realizing it.

Missing User Warnings

Medium
Confidence: 97%
Finding
The review pipeline forwards both the original task and the generated output to additional review models, multiplying data exposure beyond the primary inference call. This is more dangerous in this skill because the orchestrator intentionally chains and degrades across providers, so a single request may be replicated to several external services without clear disclosure or minimization.

Ssd 3

Medium
Confidence: 90%
Finding
AuditLog.log accepts arbitrary keyword fields and persists them verbatim to disk, and stats() later aggregates fields like model, input_tokens, output_tokens, and cost_usd without any filtering or redaction. In an orchestration/router skill, callers may naturally pass prompts, task text, errors, credentials, or other sensitive operational data into audit events, creating a durable local data-retention and secret-exposure risk if the log file is readable, backed up, or exfiltrated.

VirusTotal

66/66 vendors flagged this skill as clean.