Clawhub

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ClawHub skill manager that can install or update persistent skills, with normal supply-chain risk but no evidence of hidden or malicious behavior.

Install only if you trust ClawHub and the npm `clawhub` CLI. Confirm any global CLI installation yourself, review third-party skills before enabling them, and be careful with `update --all` because installed skills persist and can affect future OpenClaw sessions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The WhatsApp flow says the agent will handle CLI installation, which implies a remote conversational channel could trigger package installation and system modification without a clear confirmation step. That is dangerous because it lowers the barrier to unreviewed code installation and may cause unintended changes on the host from a casual message.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal