ClawHub

Dynamic Skill Manager

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it can delete installed skills and stores usage context locally without enough user control or disclosure.

Install only if you want a local tool that can manage and remove OpenClaw skills. Before uninstalling, inspect the target skill name carefully and consider backing it up. Avoid passing secrets or sensitive task details as tracking context, and periodically review or delete ~/.openclaw/workspace/.skill-manager/ if you do not want usage history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation clearly describes file-reading and file-writing behavior via a Python script that maintains registry and usage-log data, but the skill metadata declares no permissions. This creates a transparency and policy-enforcement gap: an agent or platform may invoke the skill without understanding it can modify local state or remove installed skills.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The invocation guidance is broad enough to match general 'cleanup', 'management', or lifecycle tasks, which could cause the skill to be selected in situations where the user did not explicitly request skill inspection or uninstallation. Because this skill includes destructive management actions, over-broad triggering increases the chance of unintended deletion or state changes.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README advertises an uninstall command and labels it 'safe', but it does not pair that command with a prominent warning that it deletes installed skill content and changes the local environment. In an agent setting, such framing can normalize destructive operations and reduce the likelihood of obtaining clear user confirmation before removal.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code persists user-provided context summaries to a local JSONL log without minimization, redaction, consent, or any user-facing disclosure in the CLI flow. If those summaries contain secrets, personal data, or sensitive task details, they become a durable privacy and data-exposure risk to any process or user that can read the workspace files.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal