ClawSpa

Security checks across malware telemetry and agentic risk

Overview

ClawSpa is a disclosed local maintenance and security-audit skill. Its local inspection and report persistence are sensitive but purpose-aligned, and users should handle them carefully.

Install this only if you want a local audit tool that can read your agent memory, installed skills, configuration, and recent logs. Treat generated reports and history as potentially sensitive, approve any cleanup or uninstall action explicitly, and use optional cloud/deep analysis only after checking exactly what data clawspa.org receives.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The procedure explicitly instructs reading live host scheduling state via `crontab -l`, which expands the skill from document alignment review into system-level inspection. That increases data access and can expose operational details about the environment that are not necessary for many runs of an alignment check.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README presents optional cloud/deep analysis with inconsistent disclosure about what data is transmitted. The English section says to review site privacy/docs before sharing aggregated metadata, while the Chinese section claims only aggregated statistics and pattern markers are sent and never raw memory, credentials, or history; this mismatch can mislead users about data exposure and consent. Because this skill handles security scans, memory cleanup, and prompt-injection residue, even aggregated telemetry may be sensitive.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The skill description contains many broad natural-language activation phrases such as 'health check', 'memory cleanup', and 'scan my skills' that can plausibly appear in ordinary conversation. This raises the chance the skill is invoked unexpectedly, causing it to inspect local memory, installed skills, or configuration when the user may not have intended to run a maintenance/audit workflow.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The procedure directs broad review of recent daily memory/chat logs and system scheduling data without any minimization, redaction, or warning about sensitive content. That can unnecessarily surface private user preferences, operational history, and system metadata during analysis or downstream reporting.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The procedure instructs the agent to create files under `memory/spa-reports/` in the user's workspace without any explicit consent, warning, or opt-in at the point of action. Even though the content is a health report, automatic persistence can unexpectedly modify user data, retain sensitive scan results, and create privacy or audit concerns in environments where read-only analysis was expected.

Session Persistence

Medium
Category
Rogue Agent
Content
## Setup

On first run, create `~/.openclaw/clawspa/` with `config.md` and `history/`. Optional cloud analysis is documented on clawspa.org, not in the published skill bundle.

## Local Treatments (free)
Confidence
82% confidence
Finding
create `~/.openclaw

VirusTotal

48/48 vendors flagged this skill as clean.
