skill-forge

Security checks across malware telemetry and agentic risk

Overview

This skill is a mostly coherent skill-building helper, but it can run system package installs and persist skills into OpenClaw without enough validation or confirmation.

Review before installing if your agent may run skill commands automatically. Do not run install-deps on untrusted skill directories without inspecting _meta.json requires.bins first, and treat install --openclaw as a persistent change to your local agent setup. No artifact-backed exfiltration or destructive intent was found, but the package-install and persistent-copy capabilities justify Review.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium (97% confidence)

Finding: The `detectMalware` function presents itself as malware scanning, but it only performs naive substring matching on a limited set of file types. This can create a false sense of security and cause users to trust unvetted third-party code after a superficial scan, especially because the output says the project 'appears to be safe' when nothing malicious is detected.

Missing User Warnings

Medium (93% confidence)

Finding: The skill claims to automatically search GitHub/ClawHub, analyze projects, and scan referenced code in the background, but it does not disclose when external services may be contacted or what local/project data may be transmitted. In an agent setting, silent outbound research or code analysis can leak repository contents, prompts, file names, or proprietary context to third parties without informed consent.

Missing User Warnings

Medium (80% confidence)

Finding: The CLI exposes commands that lead to dependency installation using package managers, and those operations are performed without interactive confirmation or strong warnings about system modification and elevated privileges. In this skill context, dependency names come from `_meta.json`, so a user running the tool against an untrusted skill could trigger unintended package installation attempts.

VirusTotal

66/66 vendors flagged this skill as clean.