Windows Upgrade Guide

Security checks across malware telemetry and agentic risk

Overview

This is mostly a Windows OpenClaw troubleshooting guide, but it includes destructive reset commands and a third-party plugin install step that is neither clearly scoped nor accompanied by an adequate warning.

Review the commands before installing or using this skill. Back up `~/.openclaw` before any reset, prefer renaming the directory instead of deleting it, and do not run the Lark/Feishu plugin install unless you confirm it is actually required for your intended WeChat recovery workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Severity: Medium
Confidence: 85%

Finding: The Windows upgrade-troubleshooting skill unexpectedly instructs users to install a Feishu/Lark plugin during a WeChat integration recovery flow. Introducing unrelated third-party software expands attack surface and can mislead users into changing integrations they did not intend to modify, especially in a troubleshooting context where users are likely to follow commands verbatim.

Missing User Warnings

Severity: Medium
Confidence: 96%

Finding: The guide tells users to delete the entire ~/.openclaw directory as part of reset steps without a prominent warning that this destroys local configuration and potentially credentials or integration settings. In a troubleshooting skill, users are primed to execute copy-pasted commands, so omission of data-loss warnings materially increases the risk of accidental destructive action.

Missing User Warnings

Severity: Medium
Confidence: 98%

Finding: The emergency recovery section recommends full configuration deletion during reinstall without clearly warning users that local state, custom settings, and possibly secrets will be lost. Because it is framed as an emergency fix, users may execute it under stress and skip any implicit caution, making accidental irreversible loss more likely.

VirusTotal

59/59 vendors flagged this skill as clean.
