Ollama Local

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Ollama helper skill whose network and model-management actions match its stated purpose, with privacy and deletion caveats users should understand.

Install this if you intend to manage or use Ollama from OpenClaw. Keep OLLAMA_HOST on localhost for sensitive prompts, use only trusted remote Ollama servers, and double-check the target host before running pull, rm, or sub-agent workflows because those actions can consume disk/network resources or remove model files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill documents use of environment variables and network access but does not declare corresponding permissions. In an agent ecosystem, missing permission declarations can bypass user expectations and review controls, making it easier for prompts or model-management actions to reach external or remote services without explicit consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly shows configuring OLLAMA_HOST to a remote IP address but does not warn that prompts, embeddings, model requests, and possibly sensitive user data will be transmitted over the network to another machine. In security-sensitive environments, this can lead to unintended data disclosure, especially if the remote host is untrusted or traffic is unencrypted.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The documentation includes a remove-model command without warning that it deletes local model data and may require re-downloading large artifacts. This raises the risk of accidental destructive actions, especially when users copy commands directly from quick-reference sections.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Chat: send one user message to the Ollama chat endpoint on $OLLAMA_HOST
curl $OLLAMA_HOST/api/chat -d '{
  "model": "qwen3:4b",
  "messages": [{"role": "user", "content": "Hello"}],
  "stream": false
}'
```
Confidence
87% confidence
Finding
```bash
curl $OLLAMA_HOST/api/chat -d '{ "model": "qwen3:4b", "messages": [{"role": "user", "content": "Hello"}], "stream": false }'
# Generate
curl $OLLAMA_HOST/api/generate -d '{ "model": "qwen3:4b
```

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal