
Security audit

full scale openclaw skill auditor

Security checks across malware telemetry and agentic risk

Overview

The skill has a legitimate audit purpose, but it runs an unbundled sibling post-generator script and processes cloned repository contents with limited safety boundaries.

Review before installing. Use it only in a controlled workspace, audit public or intentionally shared repositories, inspect any ../post-generator directory before running Step 7, and delete generated audit folders if they contain repository content or logs you do not want retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Tp4

High
Category
MCP Tool Poisoning
Confidence
90% confidence
Finding
The skill promises a comprehensive safety and best-practice audit plus automatic bilingual post generation, but the described/implemented workflow appears incomplete relative to those claims. That mismatch is dangerous because users may rely on the skill for security review or public communication and receive a partial or nonexistent analysis, creating false assurance and potentially unsafe downstream decisions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The workflow instructs the agent to clone third-party repositories and copy files locally without an explicit upfront warning or confirmation to the user. This is risky because it expands network and filesystem exposure, may process untrusted content from arbitrary repositories, and can surprise users who did not realize local storage or replication of repository contents would occur.

VirusTotal

66/66 vendors flagged this skill as clean.
