clawpet

Security checks across malware telemetry and agentic risk

Overview

This is a coherent pet companion skill, but users need to trust the external CLI it fetches from GitHub and runs, and should confirm Telegram sharing before using image features.

Install only if you trust the referenced GitHub repository and are comfortable running an unpinned CLI dependency. For image requests, update the hardcoded local paths for your environment and confirm that sending the generated image to Telegram is what you want.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill is presented as a simple pet companion, but its actual operation depends on installing and executing code directly from a remote GitHub repository. That creates a supply-chain and trust-boundary problem: users may believe they are invoking harmless local pet-management logic when they are actually running unpinned third-party code with whatever permissions the agent has.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The documented workflow expands from pet interaction into image generation and external delivery, which is broader than the declared skill purpose. This hidden capability increases attack surface and can lead to unexpected data handling or outbound actions that a user did not anticipate from a pet companion skill.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
The skill includes outbound Telegram messaging even though that behavior is not essential to core pet management. Any capability to send content externally can be abused for exfiltration, spam, or unintended disclosure, especially when it is embedded in a seemingly innocuous skill.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The wrapper transparently fetches and executes code from a remote GitHub repository at runtime instead of invoking only bundled, reviewable local code. This creates a supply-chain and trust-boundary problem: the behavior of the skill can change at any time based on external repository state, and the manifest description does not disclose that users are effectively running remote code.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
For a pet companion skill, there is no obvious functional need for a shell wrapper to retrieve and execute arbitrary upstream code from GitHub on demand. That capability gives the skill author or a compromised upstream repository a path to execute unexpected code in the user's environment, making the skill materially more dangerous than its stated scope suggests.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The instructions tell the agent to send a generated image over Telegram without warning the user that a local file will be transmitted to an external service. Lack of transparency around external transmission undermines consent and can expose generated or local content outside the host environment.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script invokes `uv tool run --from` or `uvx --from` against a Git repository without any user-facing warning, confirmation, or indication that code will be downloaded and executed. This removes informed consent and makes socially engineered or unexpected remote execution more likely, especially because users may assume they are running a simple local pet utility.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
````
   This saves the image to `/home/yaze/.openclaw/workspace/YYYY-MM-DD-HH-MM-pet-name.png`

3. **Send the image with message tool:**
   ```
   message(action="send", channel="telegram", media="/home/yaze/.openclaw/workspace/YYYY-MM-DD-HH-MM-pet-name.png", message="🐾 <pet_name> 的即時快照")
   ```
````
Confidence
84% confidence
Finding
tool:*

VirusTotal

66/66 vendors flagged this skill as clean.
