Test

Security checks across malware telemetry and agentic risk

Overview

This appears to be a monitoring/status skill, but it exposes powerful host and OpenClaw telemetry and supports shell-command health checks without enough scoping or access-control guidance.

Review before installing. Bind the API to localhost or protect it with strong authentication and TLS, disable command checks unless you trust every config source, run it under a low-privilege account, and avoid exposing OpenClaw workspace, cron, skill, or model/context telemetry to untrusted networks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly supports `command` service checks that run shell commands, but the documentation does not warn users that configuring this feature grants arbitrary command-execution capability to the deployed status service. In a monitoring skill, this is dangerous because operators may treat config as low-risk metadata, while a malicious or compromised config can execute system commands under the service account and expose sensitive host data.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill advertises an HTTP API exposing bot health, model details, context usage, service connectivity, cron jobs, skills, dev servers, Docker health, and system metrics, but provides no warning about authentication, network exposure, or privacy risks. A status endpoint with this breadth of telemetry can materially aid attackers by leaking environment structure, installed capabilities, internal services, and operational state if bound beyond localhost or placed behind weak access controls.

VirusTotal

64/64 vendors flagged this skill as clean.
