Agent Factory

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent as an agent factory, but it creates persistent agents with broad browser, Sheets, cron, memory, and configuration authority that is not tightly scoped.

Install only if you intentionally want persistent sub-agents that can inherit powerful OpenClaw capabilities. Back up openclaw.json first, prefer isolated browser profiles over profile=chrome, restrict Google Sheets credentials, review generated USER.md and cron files, and remove agent entries manually if creation goes wrong.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The script advertised for agent creation also scaffolds cron-job files and explicitly instructs users to copy them into the global scheduler directory, expanding its effective capability beyond simple agent setup. In an agent-management context, this broadens the trust boundary and can normalize persistence or scheduled execution paths that are not clearly separated from basic provisioning, increasing the chance of unintended code execution later.

Vague Triggers

Medium
Confidence: 89%
Finding
The skill advertises very broad natural-language trigger phrases such as asking another agent to do something, which can cause accidental invocation or delegation without an explicit command boundary. In a skill that can create agents, switch context, and direct other agents with access to browser, fetch, Sheets, and cron capabilities, ambiguous triggering increases the chance of unintended state changes or external actions.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill describes powerful capabilities available to every created agent—web search, browser interaction, web fetch, Google Sheets access, and cron jobs—but does not warn users that these can affect external systems, stored data, or persistent automation. This omission is dangerous because users may delegate tasks without realizing that newly created agents can browse, modify remote content, access spreadsheets, or schedule recurring actions.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script creates multiple files and directories under the user's agent workspace and later modifies the global openclaw.json configuration automatically, but gives no confirmation prompt, dry-run mode, or explicit warning before making persistent changes. In a privileged local automation context, this raises the risk of accidental configuration tampering, unwanted agent registration, and hard-to-reverse state changes from a single invocation.

VirusTotal

66/66 vendors flagged this skill as clean.
