toolchain-bootstrap

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed container toolchain installer, but users should understand that it downloads external executables and modifies shell startup settings.

Install this mainly in a fresh or disposable development container, or only after you trust the TurinFohlen/openclaw-toolchain release. Expect a large executable archive to be downloaded, extracted into /workspace, verified by running tool version commands, and added to future shells through ~/.bashrc PATH changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill advertises shell-capable behavior such as downloading, extracting archives, and editing shell startup files, but it declares no permissions. That mismatch prevents users and policy systems from understanding the skill's real capabilities, increasing the risk of unexpected execution and environment modification.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The skill states that it automatically writes environment variables into ~/.bashrc, but it does not prominently warn users that their shell startup files and PATH will be modified persistently. Persistent shell configuration changes can alter future command resolution, break environments, or make later malicious binaries easier to execute through PATH precedence.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The skill description does not clearly warn that setup downloads a remote tarball from GitHub and extracts it into /workspace. Pulling and unpacking a remote archive without prominent disclosure and integrity-verification guidance raises supply-chain risk, especially because the archive contents may later be executed via updated PATH entries.

VirusTotal

66/66 vendors flagged this skill as clean.