Openclaw Installer Cn

Security checks across malware telemetry and agentic risk

Overview

This OpenClaw installer helper is mostly relevant to its purpose, but it can lead an agent to make broad system, package-manager, and shell-profile changes without enough user review.

Use this skill for diagnosis and command suggestions first. Before allowing repairs, review each command and affected path, back up project files, avoid automatic sudo or rm commands unless the target is verified, inspect downloaded installer scripts before running them, and enter real API keys manually rather than letting an agent write secrets into shell profiles.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill advertises automatic repair actions and configuration generation that can change package manager settings, shell profiles, permissions, and user config files without clearly warning users about side effects. In an agent setting, vague 'auto-fix' behavior is risky because users may not realize persistent system changes will be made.

Missing User Warnings

Medium
Confidence: 94%
Finding
The quick-fix flow includes cache cleaning, dependency reinstall, permission repair, and config updates, but does not warn that these operations can delete local state, alter package resolution, or change filesystem ownership. In practice this can break existing development environments or overwrite user preferences, especially when performed by an automation agent.

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
sudo chown -R $(whoami) /usr/local/lib/node_modules

# Or use nvm to manage Node
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash
nvm install 20
nvm use 20
```
Confidence: 99%
Finding
| bash

VirusTotal

64/64 vendors flagged this skill as clean.
