ClawHub

creat-anget

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a legitimate standalone-agent setup tool, but it handles local configuration and credentials in ways users should review carefully before installing.

Install only if you are comfortable with this skill changing local OpenClaw configuration and creating persistent agent state. Before running it, avoid copying the main agent's auth profiles unless you intentionally want shared credentials, prefer environment variables or a protected secret store for Feishu app secrets, and review any openclaw.json diff before restarting OpenClaw.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill instructs the agent to create directories, modify `openclaw.json`, initialize workspace files, and potentially run a restart command, which are file write/read capabilities. Because these capabilities are not explicitly declared, operators and policy layers may not realize the skill can alter local configuration and state, increasing the risk of unauthorized or surprising filesystem changes.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The script advertises creation of a fully isolated standalone agent, but `copy_agent_files()` copies `auth-profiles.json` from the main agent into the new agent. That breaks isolation boundaries and can unintentionally grant the new agent access to credentials or authentication contexts belonging to the primary agent, increasing the blast radius if the new agent is compromised or misconfigured.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill provides examples for placing Feishu `appSecret` values directly into `openclaw.json`, which can expose long-lived credentials through local file disclosure, backups, source control, logs, or overly broad filesystem permissions. Although the document briefly says to handle secrets carefully, it does not give a strong warning or safer default, so users may normalize insecure secret storage.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal