ClawHub

Godot Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-built for Godot editor automation, but it exposes broad project-changing control through an unauthenticated local HTTP bridge that users should review before installing.

Install only if you intentionally want OpenClaw to control a Godot editor. Back up projects first, test in a separate project, keep the OpenClaw gateway reachable only by trusted local components, and disable or remove the extension when not using it. Treat scene saves, node deletion, property changes, script reads, screenshots, and simulated input as sensitive actions that should require explicit user approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The HTTP handler exposes registration, polling, result submission, and status endpoints with no authentication or origin restrictions, while explicitly enabling CORS for any origin. Any local or reachable process can enumerate sessions, impersonate a Godot client, poll queued commands, or inject fake tool results, which breaks trust in the editor-control channel and can lead to unauthorized editor actions or data exposure.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger description is broad enough to match many ordinary Godot-related requests, which can cause the skill to auto-invoke in situations where the user did not intend editor control or input simulation. Because this skill can create, modify, delete, save scenes, and simulate gameplay input, unintended invocation raises the risk of unauthorized project changes or disruptive actions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documentation presents destructive editor operations and input simulation as routine workflows without warning that these actions can alter project state, trigger in-game actions, or overwrite scene files. In a tool that directly controls an editor, the absence of explicit cautions and confirmation requirements makes accidental harmful use more likely.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This code accepts and exposes sensitive project/session metadata and command/result traffic without any visible consent, warning, or access control in the file. In the context of an agent skill that can drive a game editor, silent exposure of project names, versions, session identifiers, screenshots, script contents, and execution results increases the risk of unintended local disclosure and unauthorized control.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
### Recommendation: **`true`**

**Reason:** During Godot development, it's useful for AI to autonomously perform supporting tasks like checking scene tree, taking screenshots, and inspecting nodes.

**When to use `true`:** For sensitive tools (payments, deletions, message sending, etc.)
Confidence
95% confidence
Finding
autonomously perform

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal