cachelint

Security checks across malware telemetry and agentic risk

Overview

CacheLint mostly behaves like a local cache scanner, but its optional git hooks and license-secret handling need review before installation.

Install only if you are comfortable with a local scanner that may read a CacheLint license from your OpenClaw config. Avoid using the --license-key flag; prefer a protected config file or environment variable. Do not run hooks install unless you want CacheLint to modify lefthook.yml and run on future commits and pushes, and review that file afterward.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

High (92% confidence)
Finding:
This code modifies repository configuration by creating or appending to lefthook.yml and then installs git hooks in the current repository. For a tool described as an analyzer, adding persistence-like behavior that changes developer workflow is higher risk because it alters trusted repo state and can cause future automatic execution of skill-controlled code during commits.

Context-Inappropriate Capability

Medium (84% confidence)
Finding:
The uninstall path edits repository configuration files and removes hook-related content using broad text operations. Although intended as cleanup, repository-modifying capabilities are still sensitive because they can damage project configuration or unexpectedly alter developer safeguards outside the analyzer's stated purpose.

Description-Behavior Mismatch

Medium (93% confidence)
Finding:
The file implements extensive license enforcement, JWT parsing, tier-gating, and status display logic that is not part of the declared cache anti-pattern analysis function. In a skill ecosystem, capability drift matters because unrelated logic increases attack surface, complicates review, and can be used to justify secret access or execution paths that users would not expect from an analyzer.

Context-Inappropriate Capability

Medium (88% confidence)
Finding:
The script reads a license key from an environment variable and from ~/.openclaw/openclaw.json even though the skill description only claims cache misuse analysis. Secret retrieval that is unnecessary to the stated purpose is risky because it expands the skill's access to sensitive data and creates an opportunity for credential exposure, misuse, or future abuse.

Context-Inappropriate Capability

Medium (97% confidence)
Finding:
The code conditionally uses CLAWHUB_JWT_SECRET, a separate secret not obviously related to CacheLint licensing, to verify JWT signatures. Accessing an unrelated shared secret is especially dangerous because it creates secret scope confusion and may let the skill depend on or probe for high-value platform credentials beyond its stated role.

Missing User Warnings

Medium (95% confidence)
Finding:
Accepting a license key on the command line and exporting it for downstream use exposes the secret to shell history, process listings, CI logs, and debugging output. Even if the export is local to the process tree, the original command-line argument is often observable by other local users or captured by tooling.

VirusTotal

67/67 vendors flagged this skill as clean.
