ratelint

Security checks across malware telemetry and agentic risk

Overview

RateLint is a local code scanner with paid-tier license checks and optional git-hook integration; the extra access is mostly disclosed and aligned with its purpose.

Install if you are comfortable with a local tool scanning selected repository files. Prefer storing the license key in the environment or OpenClaw config rather than passing it on the command line. Review any lefthook.yml changes before enabling hooks, because they persist in the repo and can block commits or pushes until removed or bypassed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Tp4 (High)

Category: MCP Tool Poisoning
Confidence: 91%
Finding:
The skill is presented primarily as a static analyzer, but the documented behavior includes license-key handling, tier enforcement, status inspection, and git-hook installation via lefthook. This mismatch can mislead users about what the skill will access or modify, increasing the chance of unintended secret exposure, repository modification, or execution of ancillary functionality beyond simple scanning.

Description-Behavior Mismatch (High)

Confidence: 93%
Finding:
The file implements a full license-gating and JWT inspection workflow even though the skill is described as a rate-limiting anti-pattern analyzer. This kind of out-of-scope behavior increases attack surface, adds unnecessary secret handling, and creates opportunities for misuse or trust erosion because users would not expect the skill to read local config and enforce licensing logic.

Context-Inappropriate Capability (Medium)

Confidence: 91%
Finding:
The script reads a license key from the environment and from ~/.openclaw/openclaw.json, which is unrelated to the stated purpose of analyzing rate-limiting patterns. Accessing local secrets and configuration without a strong purpose justification is risky because it broadens the skill's data access and could enable secret harvesting or unintended exposure through downstream processing.

Vague Triggers (Medium)

Confidence: 87%
Finding:
The broad natural-language triggers are likely to match ordinary user requests such as 'scan my code' or 'audit my project,' which can cause unintended invocation of the skill. In an agent setting, accidental invocation may expose local codebases to unexpected processing, trigger repo-wide scans, or run auxiliary commands when the user did not explicitly request this tool.

VirusTotal

65/65 vendors flagged this skill as clean.
