Openclaw Huggingface

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Hugging Face CLI helper, with expected but potentially high-impact account actions like uploads and repository deletion.

Install this only if you want an agent to operate the Hugging Face CLI for your account. Use a least-privilege Hugging Face token, keep it out of code and logs, inspect upload paths before using broad targets like '.', verify repository visibility and namespace, and require explicit confirmation before deletes, moves, or other lasting account changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings (Medium severity, 94% confidence)

Finding: The skill explicitly documents repository deletion commands but provides no warning that the action is irreversible and may delete remote assets or production resources. In an agent-skill context, terse operational examples can be copied or invoked automatically, increasing the chance of accidental destructive actions.

Missing User Warnings (Medium severity, 92% confidence)

Finding: The skill includes multiple upload commands that can transmit local files or entire directories to Hugging Face, including creating public or private repositories, without any privacy or data-sharing warning. In a tool-using agent setting, this creates real risk of accidental exfiltration of proprietary code, model weights, secrets, or regulated data.

Missing User Warnings (Medium severity, 95% confidence)

Finding: The skill requires an HF_TOKEN for authenticated operations but does not include guidance on secure credential handling, such as avoiding command-line exposure, logs, or accidental publication. Because the token enables repository and account actions, poor handling can lead to unauthorized access, data modification, deletion, or data exfiltration.

VirusTotal

64/64 vendors flagged this skill as clean.