ClawHub

OpenClaw Hardener

Security checks across malware telemetry and agentic risk

Overview

This appears to be a disclosed OpenClaw security-hardening skill whose broad local access is tied to its stated purpose, with no artifact-backed evidence of exfiltration or hidden destructive behavior.

Install only if you are comfortable letting it inspect your repository and ~/.openclaw state and run local OpenClaw/git/python/bash commands. Review proposed fixes before applying them, and prefer running it in a clean working tree or test OpenClaw profile first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises and instructs use of a Python script that performs shell commands, reads workspace and home-directory files, and inspects environment-sensitive locations, but the manifest does not declare corresponding permissions. This creates a trust and review gap: operators may approve or run the skill without understanding that it can access files, environment-derived paths, and execute external commands, increasing the chance of unintended data exposure or command execution in sensitive contexts.

Scope Creep

Medium
Confidence
90% confidence
Finding
The manifest claims expected writes only under ~/.openclaw, but it grants write access to the entire repository via <repo>/**. This creates a capability/documentation mismatch that can let the skill modify source files, configs, hooks, or CI artifacts in the workspace even though users and reviewers may expect it to touch only OpenClaw state. In a hardening skill, broad repo write access is especially sensitive because it could silently alter security-relevant files under the guise of remediation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal