Skills Audit

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local audit and monitoring tool for OpenClaw skills, with optional remote reputation lookup that is off by default.

Install only if you want this skill to index and snapshot your local skills directory for audit history. Leave QianXin intelligence disabled unless you are comfortable sending a bundle-level MD5 lookup to that service, and review any cron or external notification target before enabling monitoring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill advertises audit/logging/monitoring, but it also performs remote HTTPS lookups to a third-party service using a hash derived from the whole skills bundle. This expands data flow outside the local system and can leak metadata about the user's installed skills set without being clearly disclosed by the manifest, which is risky for a security-sensitive auditing tool.

Context-Inappropriate Capability

Medium
Confidence: 88%
Finding
The code contains external network capability for remote reputation/intelligence scanning that is not obviously necessary for append-only local auditing. In this context, unexpected outbound requests from a security tool increase trust and privacy risk because the tool processes potentially sensitive workspace contents and inventories.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases for invoking the mandatory `show` flow are very broad and may match ordinary user requests about 'changes' or 'diffs' outside the intended skill-audit context. In an agent setting, broad triggers can cause unintended command execution or disclosure of sensitive change metadata when the user did not intend to operate this skill.

VirusTotal

63/63 vendors flagged this skill as clean.
