Security Hardener

Security checks across malware telemetry and agentic risk

Overview

This is a local OpenClaw security-audit tool with sensitive but disclosed scanning and fix behavior, and no evidence of hidden exfiltration or persistence.

Install only if you want a local OpenClaw hardening helper that can inspect sensitive configuration and environment files. Run audit or fix --dry-run first, review the findings, and use fix carefully because it can change file permissions and bind OpenClaw to localhost.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill advertises shell, file-read, and file-write capabilities while declaring no permissions, which creates a dangerous mismatch between what the skill can induce an agent to do and what reviewers or users are told to expect. In a security-themed skill that also promises auto-remediation, this hidden capability gap materially increases the chance of unexpected code execution and system modification.

Context-Inappropriate Capability

Medium
Confidence
76% confidence
Finding
The skill is a security auditor, but it executes an external `openclaw` binary discovered via PATH. If a malicious or trojanized binary named `openclaw` is present earlier in PATH, running the audit could execute unintended code under the user's privileges.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad and map to common requests like 'security audit', 'am I secure', and 'fix my security', making accidental invocation more likely in unrelated contexts. Because the skill can perform scanning and remediation, unintended activation could expose sensitive files or cause configuration changes the user did not specifically request.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The auto-remediation section describes changing permissions, moving secrets, enabling auth, rebinding network interfaces, and disabling plugins without a prominent warning that these are impactful operational changes. Such actions can break services, alter access paths, or lock out administrators if executed automatically or on the wrong target.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The auto-fix path rewrites the OpenClaw config file immediately when a matching issue is found, without an interactive confirmation step or safer staged review. This can cause denial of service or unexpected lockout by changing bind settings on production systems, especially when run in automation or by a less experienced user.

Credential Access

High
Category
Privilege Escalation
Content
Options: `--dry-run` to preview fixes without applying, `--backup-dir <path>`.

### `keys` — API Key Scanner
Searches config files, memory files, SKILL.md files, .env files, shell history, and git history for exposed secrets. Pattern library covers 40+ key formats (AWS, OpenAI, Anthropic, Stripe, etc.).

### `auth` — Auth Configuration Check
Verifies authentication is properly configured:
Confidence
91% confidence
Finding
.env

VirusTotal

65/65 vendors flagged this skill as clean.