ClawHub

clawl skill

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its registration purpose, but it sends data to an unexpected default endpoint and can overwrite a local discovery file without the documented confirmation.

Install only if you are comfortable publishing your agent name, description, capabilities, and optional contact/site fields. Review or back up any existing clawl.json before running the script, and set CLAWL_API yourself if you expect registration to go to clawl.co.uk rather than the default Vercel endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
79% confidence
Finding
The invocation text is overly broad, causing the skill to trigger on generic discussions about Clawl, agent discovery, or clawl.json rather than clear user intent to register or publish metadata. That increases the chance the agent will run registration-related logic unnecessarily, potentially reading local identity/config files and sending public metadata to a third-party service without sufficiently specific user authorization.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script auto-detects local identity/configuration data from files like openclaw.json, SOUL.md, and IDENTITY.md, then later sends derived fields to a remote service without an explicit consent prompt at the point of collection or transmission. In a skill whose purpose is remote registration/discovery, this increases privacy risk because users may unintentionally publish locally stored metadata or capability information to an external endpoint.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal