Clawdocs Improved

Security checks across malware telemetry and agentic risk

Overview

This is a coherent OpenClaw documentation helper, but users should treat its install commands and high-privilege configuration examples with care.

Before installing, expect this skill to run optional shell scripts that fetch OpenClaw docs and write a local docs cache. Do not blindly run the displayed remote installer command or paste high-privilege snippets that enable exec, elevated access, browser control, hooks, wildcard URL fetching, or Gmail-to-Discord forwarding without reviewing the security and privacy impact.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding:
The skill instructs the agent to use local shell scripts and external documentation fetches, which are code-execution and network-capable behaviors, yet no permissions are declared. This creates a trust gap where an invoking system or reviewer may underestimate the skill's ability to execute commands or access remote content.

Vague Triggers

Severity: Medium
Confidence: 70%
Finding:
The decision-tree triggers are very broad phrases such as 'How do I set up X?' and 'What is X?', which overlap with normal user requests outside this skill's intended scope. That can cause accidental invocation and make the agent follow this skill's operational guidance, including shell/network steps, in contexts where it was not intended.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The documentation describes hook and webhook endpoints that can accept external input and trigger agent behavior, but it does not prominently warn that exposing these endpoints can let untrusted parties inject content, trigger actions, or leak data if authentication, network exposure, or transform logic are misconfigured. Because this is a documentation skill for an agent platform, omission of security guidance materially increases the chance that users deploy dangerous ingress paths insecurely.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The browser configuration documents `evaluateEnabled` and remote CDP attachment profiles without clearly explaining that these features can grant powerful script execution and browser-control capabilities over live sessions. In an agent ecosystem, that can lead to credential theft, session hijacking, unintended navigation, or access to sensitive local browser state if enabled carelessly.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The example enables `files.urlAllowlist` and `images.urlAllowlist` as `['*']`, which documents an unrestricted remote fetch policy for OpenAI-compatible endpoints. In a gateway product, this can lead to SSRF-style access to internal resources, unintended outbound requests, and privacy leakage if users copy the example without understanding the network implications.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The snippet explicitly configures Gmail ingestion with `includeBody: true` and forwards message content into Discord via a template, but the documentation does not warn that potentially sensitive email bodies will be copied into another platform with different retention, access controls, and audit exposure. In a documentation skill that provides validated configs, omission of a privacy warning materially increases the chance users deploy cross-system data forwarding without understanding the exposure.

External Script Fetching

Severity: High
Category: Supply Chain
Content:
- Gmail → `automation/gmail-pubsub`

- **"How do I install/deploy?"** → Check `install/` or `platforms/`
  - Updating → `install/updating` (recommended: `curl -fsSL https://openclaw.ai/install.sh | bash`)

## Search Scripts
Confidence: 97%
Finding:
curl -fsSL https://openclaw.ai/install.sh | bash

VirusTotal

64/64 vendors flagged this skill as clean.
