OpenGuardrails

Security checks across malware telemetry and agentic risk

Overview

MoltGuard has a real security purpose, but it asks the agent to install runtime security software, use a remote scanning service, and store or display API credentials without adequately scoped user consent.

Install only after explicit user approval. Treat the Core backend and the @openguardrails/moltguard plugin as trusted components, avoid sharing /og_status or /og_claim output, review where credentials are stored, and use enterprise enrollment only with a Core URL your organization controls and verifies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly states that it will obtain an API key from Core and save credentials under a local path, but it does not warn the user about the sensitivity of those credentials, file permissions, or the security implications of local storage. In an agent environment, silently normalizing local credential persistence increases the chance of accidental disclosure through logs, backups, shared machines, or later file reads by other tools.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documentation says `/og_status` shows the user's API key alongside quota and plan information, but provides no warning not to run it in shared terminals, screen shares, logs, or copied transcripts. Exposing secrets through a routine status command materially raises the risk of credential leakage because users and agents may treat status output as safe diagnostic information.

VirusTotal

66/66 vendors flagged this skill as clean.