OpenCLI Tool Integration

Security checks across malware telemetry and agentic risk

Overview

This skill is a broad OpenCLI bridge that is not malicious, but it can use logged-in browser sessions, desktop apps, and powerful local CLIs with too little scoping or confirmation guidance.

Install only if you trust OpenCLI, its browser extension, and the accounts or local tools it can reach. Prefer a separate Chrome profile and non-production GitHub, Docker, and Kubernetes contexts, and require explicit confirmation before any logged-in, write, delete, publish, download, or infrastructure-changing action.

SkillSpector

By NVIDIA
Vulnerability Patterns

  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger list is very broad and includes common platform names and generic terms like '热门' ("popular"), '网站数据' ("website data"), and '社交媒体' ("social media"), which can cause the skill to activate in contexts where the user did not explicitly request it. Because this skill can access logged-in browser sessions, control desktop apps, and proxy commands to external CLIs, unintended invocation materially increases the chance of unauthorized data access or destructive side effects.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill advertises capabilities to control local desktop applications, reuse Chrome login state, and invoke external tools like docker, kubectl, and gh, but it does not present a prominent upfront warning that these actions can read, modify, or exfiltrate data from user accounts and systems. In this context, the omission is dangerous because users may interpret the skill as informational while it actually has powerful write/control semantics across authenticated services and local tooling.

VirusTotal

VirusTotal findings are pending for this skill version.
