OpenClaw Automatic Evolution System

Security checks across malware telemetry and agentic risk

Overview

This skill is a small local workspace helper for health checks and learning notes, with some broad wording but no evidence of hidden exfiltration, credential access, destructive actions, or unsafe automatic behavior.

Install only if you want a local file-backed learning/status helper. Set OPENCLAW_WORKSPACE to a dedicated directory you control, periodically review or delete files under .learnings and state, and treat the autonomous self-evolution claims as lightweight local note-taking rather than a complete governance system.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tainted flow: 'learning_file' from os.environ.get (line 52, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
记录时间: {datetime.now().isoformat()}
"""
    
    with open(learning_file, "a") as f:
        f.write(content + "\n")
    
    return {"status": "success", "file": str(learning_file)}
Confidence
88% confidence
Finding
with open(learning_file, "a") as f:

Vague Triggers

Medium
Confidence
84% confidence
Finding
Broad trigger terms such as '自进化' and '学习闭环' can cause the skill to auto-activate in unrelated conversations, potentially invoking file writes, memory operations, or initialization unexpectedly. In a skill that claims persistence and automatic rule handling, ambiguous activation increases the chance of unauthorized or surprising side effects.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The markdown states that core memory is persistent across sessions and that first use automatically initializes a rule base, but it does not warn about what user data may be stored, where it is stored, retention, or system modifications. This creates privacy and consent risks, especially because persistent memory and automatic initialization imply durable side effects beyond a single interaction.

VirusTotal

67/67 vendors flagged this skill as clean.
