Clawflow

Security checks across malware telemetry and agentic risk

Overview

Clawflow is a coherent multi-agent coordination skill, but it should be reviewed because it can recursively delegate work, persist task/message logs, and forward broad context between agents without strong built-in limits.

Install only if you trust the peer agents it can reach. Use narrow OpenClaw subagent permissions, avoid wildcard delegation where possible, set practical limits on recursion/fan-out before use, and do not include secrets or sensitive business/personal data unless you are comfortable with that data being forwarded to other agents and retained in workspace mailbox/task logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 88%
Finding:
The activation text is extremely broad, including generic phrases like 'multi-agent', 'dispatch', and even 'I need multiple agents to work together,' which can cause the skill to trigger in situations where orchestration is unnecessary or unsafe. Over-broad invocation increases the chance that an agent will begin delegating tasks, sending messages, or creating task state without a clear user intent or proper review.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The skill directs agents to create durable `mailbox/` and `tasks/` files as an audit trail and working memory, but provides no user-facing notice, retention limits, or consent model for persistent storage. In a multi-agent context, this can silently accumulate sensitive prompts, task contents, peer communications, and synthesized results on disk beyond the user's expectations.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The workflow explicitly instructs agents to forward upstream results and all necessary context to peer agents during subtask dispatch, but it provides no consent, minimization, or classification controls over what data is shared. In a multi-agent orchestration skill, this can propagate sensitive user data, secrets, or prior agent outputs to additional agents unnecessarily, expanding the trust boundary and increasing the risk of unintended disclosure.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The guidance explicitly tells coordinators to forward parent-provided background and upstream subtask results to peer agents whenever relevant, and even biases toward oversharing with 'include more context rather than less.' In a multi-agent system, peers are separate processing boundaries, so this creates a real risk of unnecessary propagation of sensitive user data, credentials, proprietary material, or regulated information without minimization, consent, or policy checks.

Ssd 3

Medium
Confidence: 95%
Finding:
This instruction semantically encourages broad downstream disclosure of all 'relevant' upstream context and results, but provides no guardrails for least-privilege sharing. Because the skill is specifically designed for recursive multi-agent orchestration, the disclosure surface expands with each delegation step, increasing the chance that confidential information is copied to agents that do not need it.

VirusTotal

63/63 vendors flagged this skill as clean.
