Openclaw Retro

Security checks across malware telemetry and agentic risk

Overview

This appears to be a repository retrospective/reporting skill whose local git and project inspection is aligned with its purpose, but users should expect contributor and project details to appear in outputs.

Install only for repositories where you are comfortable letting an agent inspect git history, contributor metadata, test structure, and TODO/backlog notes. Review the generated retro before sharing it outside your team, and avoid running it on repositories containing confidential roadmap items or sensitive personal contributor data unless that disclosure is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The skill explicitly collects contributor identity data (`git config user.name`, `git config user.email`) and detailed repository activity without any user-facing disclosure or consent step. This creates a privacy risk because the generated retro can expose personal identifiers and behavioral patterns of the current user and teammates to the model output or downstream logs.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill performs broad local repository inspection, including enumerating test files and reading `TODOS.md`, but does not tell the user that local project contents will be accessed and summarized. This is dangerous because retrospective output may reveal sensitive roadmap items, internal notes, or repository structure that users did not realize would be ingested or surfaced.

VirusTotal

62/62 vendors flagged this skill as clean.
