clawhub-install

Security checks across malware telemetry and agentic risk

Overview

This skill is a direct ClawHub skill installer that does what it says, but it can overwrite or delete installed skills and installs unverified remote downloads into future agent behavior.

Review before installing. Use it only for trusted skill slugs from trusted publishers, prefer the official ClawHub installer when available, and back up your OpenClaw skills directory first. Do not pass arbitrary or non-slug skill names, because malformed names could affect paths outside the intended target.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 91% confidence
Finding: The skill invokes shell commands and performs direct network download and extraction, but it does not declare any permissions or clearly scope those capabilities. This is dangerous because users and security tooling may underestimate the skill's ability to execute commands, fetch remote content, and modify the local workspace, increasing the chance of unsafe installation or abuse.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The documentation states that existing skills are skipped after removing them, but it does not prominently warn users that installation may delete an existing skill directory before replacement. This is dangerous because a failed or interrupted download/extract can leave the user without the prior version, causing data loss or breaking local workflow state.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal