ClawHub

OpenClaw Skill Scaffolder

Security checks across malware telemetry and agentic risk

Overview

This appears to be a billing-enabled scaffold generator, but it under-discloses external data sharing and automatic charging behavior.

Review this before installing or deploying it. Confirm the external endpoint, what setup data is sent, how billing API secrets are stored, exactly when charges occur, and whether generated templates require explicit user consent before charging downstream users.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs users to POST data to an external Workers endpoint, which is a network capability, yet no explicit permissions or equivalent disclosure are declared in the skill metadata. This creates a transparency and trust problem: users may invoke the skill without understanding that it transmits data off-platform to a third-party service.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation directs users to send a user identifier, skill name, description, pricing, and environment-variable configuration to a remote endpoint without any privacy warning, retention statement, or minimization guidance. Even if this is intended for scaffolding, it exposes potentially sensitive metadata to a third party with no clear notice or safeguards.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill requires a billing API secret and states that the endpoint charges billing and returns templates, but it does not clearly warn users that generated scaffolds will be wired to charge before performing work. This can lead to unexpected financial actions being embedded into generated code and deployed by users who did not fully understand the billing behavior.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This endpoint performs a billing action as part of a normal POST request before returning the generated scaffold, but the code shown provides no explicit confirmation, consent flow, or in-band disclosure that using the endpoint will trigger a charge. That creates a risk of deceptive or surprise billing, especially because the skill markets itself as a code generator and the charge occurs automatically once required fields are present.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The generated worker template sends a user identifier to an external billing service and charges the user before executing skill logic, but the template contains no built-in disclosure, consent flow, or transparency mechanism for downstream users. In a scaffolder that advertises pre-wired billing, this behavior is somewhat expected, but omission of explicit notice and consent handling can still lead to privacy, compliance, and user-trust issues when developers deploy the generated code as-is.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal