OpenClaw Skill Auditor

Security checks across malware telemetry and agentic risk

Overview

This is a user-run skill scanner with some overstated documentation and local temporary-file hygiene issues, but no evidence of hidden, destructive, or data-stealing behavior.

Use this as a lightweight pre-install scanner, not as proof that a skill is safe. Treat any /tmp suspicious-code output as untrusted and possibly sensitive, delete it after review, and be aware that the advertised LLM/Gemini analysis is a manual handoff rather than an integrated security check.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The script claims to provide an LLM analysis stage, but it never performs one; instead it writes suspicious content to disk and tells the operator to use another agent manually. This is dangerous because users may rely on a non-existent security control and make trust decisions based on a misleading workflow.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The help text advertises 'LLM intent analysis (Gemini)' even though the implementation only stages suspicious code and prints instructions for external review. Misrepresenting capabilities in a security tool can create false assurance and cause operators to skip independent validation.

Missing User Warnings

Medium
Confidence: 93%
Finding
Suspicious code extracted from scanned skills is copied to a predictable file path under /tmp, which can expose potentially sensitive or malicious content to other local users and processes. Predictable temporary filenames also increase the risk of tampering, unintended disclosure, and symlink-related file abuse in shared environments.

VirusTotal

66/66 vendors flagged this skill as clean.
