Discover, compare and configure free/low-cost AI models across multiple platforms

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed model-management helper that can change OpenClaw model settings when specific commands are run, but the inspected artifacts do not show hidden network access, credential theft, destructive behavior, or automatic persistence.

Install this only if you want a CLI that can change your OpenClaw default and fallback models. Before running auto or switch, back up ~/.openclaw/openclaw.json or review it afterward, and treat provider API keys and cloud model use as sensitive because prompts may be handled by the selected external provider.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill description and 'Use when' triggers are very broad, covering common user intents like wanting cheaper models or switching providers. In an agent environment, this can cause the skill to be invoked in situations where the user did not explicitly request configuration changes, increasing the chance of unintended actions such as editing config or changing active models.

Missing User Warnings

Medium
Confidence: 96%
Finding
The document explicitly states that the skill can directly modify the OpenClaw configuration file, set primary and fallback models, and automatically restart the gateway, but it does not present a prominent warning or confirmation requirement. In practice, this creates a high risk of unauthorized or surprising state changes that can disrupt service, change billing exposure, or switch the system to weaker or untrusted models.

Missing User Warnings

Low
Confidence: 84%
Finding
The skill instructs users to export multiple provider API keys but does not warn that these credentials are sensitive, should not be logged, and should be stored securely. In an agent-assisted workflow, omission of these precautions raises the chance of accidental secret disclosure through shell history, screenshots, shared terminals, or downstream logs.

Missing User Warnings

Medium
Confidence: 92%
Finding
The document encourages use of multiple third-party cloud AI providers that require API keys, but it omits an important privacy and security warning: prompts, uploaded context, and possibly metadata may be transmitted to external services and retained under provider-specific policies. In a skill focused on model/provider selection, this omission can mislead users into sending sensitive data to remote endpoints without informed consent or proper data-handling review.

Vague Triggers

Medium
Confidence: 88%
Finding
The manifest exposes very generic command triggers such as 'list', 'auto', 'switch', 'status', 'refresh', and 'compare' without any namespacing or contextual constraints. In an agent ecosystem, broad triggers increase the chance of accidental invocation or command collision with other skills, which can lead to unintended execution of model-selection or configuration-changing behavior.

Missing User Warnings

Medium
Confidence: 91%
Finding
The manifest explicitly references OpenClaw configuration keys and a config path, while the description and features advertise automatic configuration and model switching, but it does not warn that local agent configuration may be modified. This creates a real risk of silent or unexpected changes to default models, which could affect subsequent agent behavior, cost, privacy, or reliability across the user's environment.

VirusTotal

66/66 vendors flagged this skill as clean.