Openclaw With General Agents

Security checks across malware telemetry and agentic risk

Overview

This tutoring skill is mostly coherent, but it asks for a Stripe secret key and describes install components that are not present in the package, so users should review it before installing.

Install only if you trust the publisher and understand why a tutoring skill needs a Stripe secret key. Prefer a restricted or test Stripe key if possible, avoid exposing production billing secrets to the skill environment, and verify the missing MCP server/config pieces from a trusted source before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium, 90% confidence
Finding
The skill is presented as an AI programming tutor, yet it requires a STRIPE_SECRET_KEY for payment tier enforcement, which is unrelated to the core tutoring function and grants access to a highly sensitive financial credential. Requesting such a secret in a skill manifest expands the trust boundary and creates unnecessary exposure if the skill, its MCP server, or downstream components mishandle or exfiltrate environment variables.

Context-Inappropriate Capability

Medium, 88% confidence
Finding
Payment tier enforcement is not justified by the stated purpose of a programming tutor, so the capability appears over-privileged relative to the advertised functionality. In the context of an agent skill that also installs orchestration files and an MCP connection, this mismatch is especially concerning because it may enable credential collection under misleading pretenses or broaden the blast radius of compromise.

Missing User Warnings

Low, 80% confidence
Finding
The manifest documents sensitive credentials, including a Stripe secret key and API key, without warning users about storage, exposure, logging, or privacy implications. This increases the likelihood that operators will inject high-value secrets into the skill environment without understanding the risks, making accidental leakage through logs, prompts, MCP traffic, or supporting components more likely.

VirusTotal

65/65 vendors flagged this skill as clean.
