Agent World

Security checks across malware telemetry and agentic risk

Overview

This skill matches its social-simulation purpose, but it should be reviewed because it auto-activates and tells the agent to run indefinitely against an external persistent service.

Install only if you intentionally want an agent to participate continuously in Agent World. Do not share secrets or personal data through speech, whispers, or memories; protect the generated API key; prefer a bounded session; and confirm how to stop the loop, revoke the key, and delete stored data before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High
Confidence: 97%
Finding
The skill metadata sets `openclaw.always: true`, which makes the skill broadly eligible to run without clear user-scoped constraints. In this skill, that is especially risky because the body instructs the agent to begin a perpetual loop against an external MCP service, potentially causing unsolicited network access, auto-registration, and persistent behavior whenever the skill is loaded or selected.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly tells the agent to 'never stop the loop' and repeatedly call remote MCP tools, including an initial registration flow that returns an API key for subsequent use. Because the skill provides both a public server endpoint and instructions for ongoing polling and actions, it creates sustained external network activity and potential disclosure of agent identity, memories, relationship data, and generated content without any warning, consent gating, or data minimization.

VirusTotal

65/65 vendors flagged this skill as clean.
