Technical Eval

Security checks across malware telemetry and agentic risk

Overview

This is a technical evaluation/reporting skill whose web research and local report generation are expected for its purpose, but it carries some privacy and credential-handling caveats.

Install only if you are comfortable with the skill saving evaluation artifacts locally and sending research queries to external services. Use a dedicated Tavily API key, avoid putting unrelated secrets in ~/.openclaw/.env before using the helper, and avoid confidential project names or internal strategy details unless that disclosure is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
85% confidence
Finding
The skill instructs setting environment variables as part of execution, even though a reporting/evaluation skill should not need to mutate the execution environment by default. Exported variables can leak sensitive paths or credentials into downstream tooling, expand the attack surface for chained commands, and normalize hidden state changes that the user did not request.

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill automatically writes numerous files to a fixed workspace path, which exceeds the expected behavior of simply producing structured recommendations in-chat. Unannounced filesystem writes can expose sensitive project context, overwrite prior artifacts, create persistence of confidential analysis, and surprise users operating in shared or monitored environments.

Context-Inappropriate Capability

Low
Confidence
87% confidence
Finding
The script exports every variable from a shared ~/.openclaw/.env file instead of reading only TAVILY_API_KEY. This broad trust in a shared environment expands the attack surface: unexpected or malicious variables in that file can influence the downstream behavior of this process and any child processes. The loading method (export $(grep -v '^#' ... | xargs)) is also brittle for shell-special content: values containing spaces are split into separate words, and quotes, '#' or '$' characters are mangled or cause export to fail, so a malformed line can silently change which variables end up in the environment.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Automatic file creation in a fixed workspace path without an explicit user warning is a real security and privacy issue because it creates undisclosed persistent artifacts. In enterprise or shared systems, these artifacts may contain sensitive evaluation criteria, internal architecture details, or vendor comparisons that should not be silently stored on disk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill’s automatic flow includes outbound collection from external services without warning the user about network access or possible disclosure of sensitive prompts, topics, or internal evaluation data. This is dangerous because even search queries and compared technologies can reveal roadmap, procurement, or architecture intentions to third parties.

Credential Access

High
Category
Privilege Escalation
Content
# Unified configuration using ~/.openclaw/.env

# Load Tavily API Key from unified config
if [ -f "$HOME/.openclaw/.env" ]; then
    # Exports EVERY non-comment line of the file, not just TAVILY_API_KEY;
    # the unquoted $(...) is word-split, so values with spaces or quotes break.
    export $(grep -v '^#' $HOME/.openclaw/.env | xargs)
    if [ -z "$TAVILY_API_KEY" ]; then
        echo "Error: TAVILY_API_KEY not found in ~/.openclaw/.env"
    fi
fi
Confidence
96% confidence
Finding
.env"
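The broad-trust .env finding above and the flagged export line share one root cause: the file is pushed wholesale through word splitting into the environment. The following added example is not the Technical Eval skill's own code; it shows a loader that reads only the one key the skill needs, leaves everything else in the file alone, and never hands the values to the shell for splitting or evaluation. The file name, the OTHER_SECRET and NOTE variables and all values are constructed for the demonstration; naive_load_fails reproduces the skill's own pattern on that file to show where it breaks.

```sh
#!/bin/sh
# Added example, not the Technical Eval skill's own code. Reads one key from a
# .env-style file without exporting the rest of it and without handing the
# values to the shell for word splitting or evaluation. File names, the
# OTHER_SECRET/NOTE variables and the key values below are constructed.

# read_env_key FILE KEY: print KEY's value from FILE, or return 1 if absent.
# Accepts KEY=value, KEY="value", KEY='value' and an optional "export " prefix.
# The value is printed verbatim, so '#', '$(...)', '*' or spaces survive intact.
read_env_key() {
    file=$1
    key=$2
    while IFS= read -r line || [ -n "$line" ]; do
        # drop leading whitespace, skip comments and blank lines
        line=${line#"${line%%[![:space:]]*}"}
        case $line in
            ''|'#'*) continue ;;
        esac
        # tolerate "export KEY=..." lines
        line=${line#export }
        line=${line#"${line%%[![:space:]]*}"}
        case $line in
            "$key="*) ;;
            *) continue ;;
        esac
        value=${line#*=}
        # strip one matching pair of surrounding quotes, if present
        case $value in
            \"*\") value=${value#\"}; value=${value%\"} ;;
            \'*\') value=${value#\'}; value=${value%\'} ;;
        esac
        printf '%s\n' "$value"
        return 0
    done < "$file"
    return 1
}

# write_sample_env DIR: write a constructed .env with the key the skill needs
# plus an unrelated secret and a value full of shell-special characters.
write_sample_env() {
    cat > "$1/.env" <<'EOF'
# unified config (constructed sample, not a real file)
TAVILY_API_KEY="tvly-example-not-a-real-key"
OTHER_SECRET=do not export me
NOTE='value with # hash and $(echo injected)'
EOF
}

# naive_load_fails FILE: run the skill's own pattern in a subshell and return 0
# if it failed. Word splitting turns "do not export me" into separate arguments,
# and '#', '$(echo' and 'injected)' are not valid identifiers, so export errors
# out; by then the other variables in the file had already been pushed into the
# environment of that subshell.
naive_load_fails() {
    ( export $(grep -v '^#' "$1" | xargs) ) 2>/dev/null && return 1
    return 0
}

# Stand-alone demo: only the one key is read, nothing is exported.
demo() {
    dir=$(mktemp -d)
    write_sample_env "$dir"
    key=$(read_env_key "$dir/.env" TAVILY_API_KEY)
    printf 'TAVILY_API_KEY=%s\n' "$key"
    printf 'OTHER_SECRET in environment: %s\n' "${OTHER_SECRET:-<not set>}"
    rm -rf "$dir"
}
demo
```

The value is returned on stdout rather than exported, so the caller decides whether TAVILY_API_KEY enters the environment of a child process at all; a helper that only needs to call the Tavily API can keep the key in a shell variable and pass it explicitly. The same approach extends to any other single key a skill needs from a shared config file.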

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal