Migrator

Security checks across malware telemetry and agentic risk

Overview

This migration tool appears purpose-built rather than malicious, but importing an archive can broadly overwrite files in the user’s home directory and restores sensitive agent state without enough containment or rollback safeguards.

Install only if you are comfortable with a migration CLI that can read and restore sensitive OpenClaw state. Use strong unique passwords, keep .oca archives private, avoid passing passwords in shell history when possible, import only archives you created or fully trust, and back up existing OpenClaw files or restore to a temporary destination before importing into your home directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 86% confidence
Finding
The README explicitly promotes exporting and importing agent configuration, memory, and skills, which are likely to contain sensitive credentials, personal data, or executable content, but it does not warn users about reviewing archive contents, protecting passwords, or the possibility of overwriting existing state on restore. In a migration tool, omission of these safety caveats can lead to accidental disclosure, unsafe transfer of secrets, or destructive imports even if the underlying code uses encryption.

Missing User Warnings

Medium, 87% confidence
Finding
The archive manifest includes host metadata such as the user's home directory, platform, architecture, Node version, workspace path, and timestamp, and this data is written into the archive by default. Even though the archive is encrypted, this still increases privacy risk because the information is collected without clear user disclosure or minimization, and once decrypted on the destination machine it exposes filesystem layout and environment details that may be unnecessary for migration.

VirusTotal

64/64 vendors flagged this skill as clean.
