Compliance Audit

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate local audit-log skill, but users should avoid storing secrets or personal data in its persistent logs.

Install if you need a local tamper-evident audit trail. Treat ~/.openclaw/audit as sensitive: do not log API keys, tokens, passwords, PII, or regulated data; set appropriate file permissions and retention/deletion practices; review exports before sharing them; and ensure any agent invoking the script passes JSON arguments safely without shell string concatenation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 89%
Finding:
The skill advertises and demonstrates persistent local audit logging to `~/.openclaw/audit/`, which is a file-write capability, yet no explicit permissions are declared. That creates a trust and consent gap: users or host frameworks may invoke the skill without realizing it can write durable data to disk, including operational details that may be sensitive.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The skill explicitly encourages logging details about data access, decisions, and budget activity, including examples like `api_key`, but provides no privacy warning or minimization guidance. This can lead to sensitive secrets, personal data, or confidential business context being copied into local audit files, increasing exposure and retention risk even if the audit trail itself is tamper-evident.

Missing User Warnings

Medium
Confidence: 84%
Finding:
The script writes arbitrary `details` content directly to a persistent audit file and later exposes the same content through `view` and `export` without any redaction, classification, or user warning. In a compliance/audit skill, this is especially risky because operators may log API keys, tokens, PII, prompts, or sensitive operational context under the assumption that auditing is inherently safe, creating a durable disclosure surface.

VirusTotal

64/64 vendors flagged this skill as clean.
