qg-skill-sync

Security checks across malware telemetry and agentic risk

Overview

This skill openly syncs team skills from Git, but it can keep changing local agent behavior automatically from an unpinned repository.

Install only if you trust the configured Git repository and want it to be able to update your local OpenClaw skills automatically. Prefer reviewing repository changes before syncing, backing up ~/.openclaw/skills, pinning to a trusted commit or branch, and removing the qg-skill-sync cron jobs if you do not want continuing automatic updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Vague Triggers

Medium
Confidence: 84%
Finding
The trigger phrases are broad enough to match generic requests like installing, updating, or syncing skills, which can cause this skill to activate in contexts the user did not specifically intend. Because the skill performs shell execution and persistence setup, accidental invocation increases the chance of unwanted system changes.

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill instructs immediate execution of initialization and cron-creation commands that clone remote content, write into `~/.openclaw/skills/`, save configuration, and create persistent scheduled jobs. Doing this without an explicit warning and affirmative consent is dangerous because it both changes the local environment and establishes automated future execution of code sourced from a Git repository.

Missing User Warnings

Low
Confidence: 90%
Finding
The manual sync command updates local skill files from a remote-backed repository without warning that existing local skills may be overwritten or altered. In this context, synced skills influence future agent behavior, so silent updates can introduce unexpected or malicious capabilities into later sessions.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script automatically pulls remote repository changes and then mirrors skill directories into the local OpenClaw skills path using `rsync -a --delete`. This creates a real supply-chain and destructive sync risk: any malicious, compromised, or mistaken upstream change can be propagated locally and local files under the destination path can be deleted without an interactive warning or approval step.

VirusTotal

VirusTotal findings are pending for this skill version.
