ClawGuard-Checker

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate local OpenClaw security checker, but it asks agents to inspect sensitive files and even optional process memory without tight scope or clear consent safeguards.

Install only if you are comfortable with a security skill that may guide an agent to inspect sensitive local files. Use it first against a specific OpenClaw config, avoid broad .env/log scans and memory scanning unless explicitly needed, and review any generated hardened config before applying it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill documentation directs the agent to read configuration files, search environment files and logs for secrets, and implies shell/environment access, yet the manifest declares no corresponding permissions. This creates a transparency and consent gap: operators may invoke the skill believing it is passive metadata-only analysis when it can access sensitive local data and execute environment-dependent checks.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
The skill is described primarily as a security checker, but the content also describes generating hardened configs, inserting new authentication tokens, writing reports/config files, and suggesting replacement commands. Crossing from assessment into state-changing remediation is dangerous because users may grant trust appropriate for an analyzer while the skill can materially alter security posture and credentials.

Description-Behavior Mismatch

Medium
Confidence: 89%
Finding
The manifest frames the skill as analysis/verification, while the body includes one-click hardening and automated configuration generation. This is a scope-deception issue that can lead to over-privileged deployment or unsafe invocation because defensive review may be based on the narrower stated purpose.

Context-Inappropriate Capability

Medium
Confidence: 83%
Finding
Scanning memory dumps or live process memory for credentials is an intrusive capability that can expose highly sensitive data far beyond the OpenClaw configuration surface. In the context of a security-checking skill, this materially increases data access and collection risk without clear necessity or containment controls.

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger conditions are broad phrases like "security check" or "how to secure," which can cause accidental activation in conversations where the user did not intend local file, log, or secret scanning. Because this skill reaches into sensitive configuration and credential sources, unintended invocation increases privacy and security risk.

Missing User Warnings

High
Confidence: 96%
Finding
The skill instructs the agent to scan config files, .env files, and log files, and elsewhere mentions memory-related credential checks, but does not warn users about exposure of secrets, personal data, or retention/handling implications. This is dangerous because security tools often access the most sensitive artifacts in a system, and silent inspection can violate least surprise and privacy expectations.

Missing User Warnings

Medium
Confidence: 90%
Finding
Advertising one-click hardening and automated fix generation without prominent warning that it may change configuration, credentials, or system behavior creates a consent and change-management risk. Users may treat the skill as diagnostic, but generated remediation artifacts can lead to operational disruption or insecure replacements if applied blindly.

VirusTotal

65/65 vendors flagged this skill as clean.
