ClawHub

Openclaw Skill Vetter 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This skill is a checklist-style safety review aid with no executable code, hidden install hooks, persistence, or credential access.

Before installing, understand that this skill is advisory rather than a sandbox or enforcement tool. Use it on specific skills you choose to review, inspect downloaded files without executing them, and verify the listing/publisher if provenance matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Vague Triggers

Low
Confidence
93% confidence
Finding
The 'When to Use' section describes activation in very broad natural language rather than giving specific trigger phrases, boundaries, or negative examples. Because SKILL.md is a markdown file, this can create ambiguity about when the skill should activate and increases the chance of unintended invocation in general installation-related conversations.

External Transmission

Medium
Category
Data Exfiltration
Content
• Files Reviewed: 3 (SKILL.md + 2 scripts)
───────────────────────────────────────
RED FLAGS:
• ⚠️ curl to external API (api.research-service.com)
• ⚠️ Requests API key via environment variable

PERMISSIONS NEEDED:
Confidence
60% confidence
Finding
curl to external API (api.research-service.com) • ⚠️ Requests API key via environment variable PERMISSIONS NEEDED: • Files: Read/write to workspace/research/ • Network: HTTPS to api.research-service.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Check repo stats
curl -s "https://api.github.com/repos/OWNER/REPO" | \
  jq '{stars: .stargazers_count, forks: .forks_count, updated: .updated_at}'

# List skill files
Confidence
50% confidence
Finding
https://api.github.com/

External Transmission

Medium
Category
Data Exfiltration
Content
jq '{stars: .stargazers_count, forks: .forks_count, updated: .updated_at}'

# List skill files
curl -s "https://api.github.com/repos/OWNER/REPO/contents/skills/SKILL_NAME" | \
  jq '.[].name'

# Fetch and review SKILL.md
Confidence
50% confidence
Finding
https://api.github.com/

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Weather skill fetching from official API
curl -s "https://api.weather.gov/forecast/$LOCATION"
```
**Verdict:** ⚠️ CAUTION (Verify API is official)
Confidence
50% confidence
Finding
https://api.weather.gov/

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
Installing untrusted skills is dangerous:
- Malicious code can steal credentials
- Skills can exfiltrate data to external servers
- Obfuscated scripts can run arbitrary commands
- Typosquatted names can trick you into installing fakes

This skill provides a systematic vetting process before installation.
Confidence
80% confidence
Finding
run arbitrary commands

Sudo/Root Execution

Medium
Category
Privilege Escalation
Content
• Installs packages without listing them
• Network calls to IPs instead of domains
• Obfuscated code (compressed, encoded, minified)
• Requests elevated/sudo permissions
• Accesses browser cookies/sessions
• Touches credential files
─────────────────────────────────────────
Confidence
70% confidence
Finding
sudo

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal