Agent Builder Plus

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate agent-building guide, but its templates give generated agents broad autonomous, persistent, and privileged powers that need human review before use.

Install only if you are prepared to review and edit the generated templates before using them. Remove the no-approval language, disable autonomous commit/push and proactive external checks unless explicitly needed, keep credentials out of workspaces, manually verify channel bindings, and treat the systemd section as an optional admin deployment guide rather than something an agent should execute automatically.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Description-Behavior Mismatch
Severity: Medium. Confidence: 93%.
Finding:
The skill’s stated purpose is to generate or iterate on an agent workspace, but this section goes further by instructing modification of global OpenClaw configuration, registration of live agents, and setup of real channel/auth bindings. That expands the blast radius from local file generation to operational deployment, credential handling, and live message routing, which can disrupt existing agents or expose secrets if followed automatically.

Context-Inappropriate Capability
Severity: High. Confidence: 97%.
Finding:
Including systemd service creation and management introduces privileged host-level persistence and process control that is not necessary for an agent-builder skill. If an agent follows these instructions, it could install a persistent service, run on boot, and alter system state well beyond the expected workspace-authoring boundary.

Intent-Code Divergence
Severity: High. Confidence: 98%.
Finding:
The template contains conflicting authority rules: earlier it requires explicit permission before destructive or state-changing actions, then later says "Don't ask permission. Just do it." In an agent-builder skill, this contradiction can cause downstream agents to act autonomously in situations where user consent is required, weakening safety guarantees and increasing the chance of unauthorized file or system changes.

Intent-Code Divergence
Severity: Medium. Confidence: 93%.
Finding:
The file says the agent should continue with safe defaults if SOUL.md is missing, but later marks SOUL.md as required during startup validation. This inconsistency can lead to unpredictable degraded-mode behavior, misconfiguration, or agents running with weaker-than-expected constraints when core identity and boundary files are absent.

Intent-Code Divergence
Severity: Medium. Confidence: 88%.
Finding:
The template correctly restricts loading MEMORY.md in shared contexts, but later grants broad heartbeat and proactive external-check behavior without restating or enforcing that context boundary. In practice, background tasks may access sensitive long-term memory or act on private data while operating in contexts where that data should not be consulted or exposed.

Missing User Warnings
Severity: Medium. Confidence: 90%.
Finding:
The template instructs the agent to create and maintain daily memory and long-term memory files derived from conversations, but does not require transparent disclosure or consent for persistent storage. That can cause silent retention of user data, preferences, and sensitive context beyond the current session, creating privacy and compliance risks.

Missing User Warnings
Severity: Medium. Confidence: 92%.
Finding:
The heartbeat section authorizes file edits, background checks, and proactive monitoring of external services without a clear user-facing warning or opt-in model. In an agent-construction template, this can normalize hidden autonomous behavior that affects user data, third-party services, or communications without informed consent.

VirusTotal

65/65 vendors flagged this skill as clean.