Skill Openclaw Library Monitor

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it stores a local book list, checks Shenzhen Library availability, and optionally sends notifications, with no artifact-backed evidence of deception or exfiltration.

Install only if you are comfortable with a local Python tool that stores your monitored books on disk, contacts Shenzhen Library, and can use SMTP credentials for alerts. Use a private working directory, an app-specific email password, restrictive permissions on config.yaml, and start the scheduler only when you want ongoing checks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Missing User Warnings

Medium
Confidence: 91%
Finding
The README instructs users to place live SMTP credentials, including an email password, directly into a plaintext YAML configuration file without any security warning or safer alternative. In a skill with filesystem, network, and shell permissions, this increases the likelihood of credential exposure through accidental commits, local disclosure, logs, backups, or later misuse by the skill or other processes.

Vague Triggers

Medium
Confidence: 90%
Finding
The trigger phrases include broad terms like `library`, `book monitor`, and `book availability`, which can match ordinary user requests and invoke the skill unexpectedly. Because the skill has network, filesystem, and shell permissions, accidental activation increases the chance of unintended command execution, data writes, or external requests in contexts where the user did not clearly consent.

Missing User Warnings

Medium
Confidence: 87%
Finding
The user-facing description explains functionality but does not clearly warn that the skill writes persistent data such as `book_list.json` and may modify local configuration. This can surprise users and lead to unwanted storage of reading interests or identifiers on disk, which is a privacy and consent issue, especially in shared or managed environments.

Missing User Warnings

Medium
Confidence: 93%
Finding
The configuration includes email notification settings, SMTP credentials, recipients, and network transmission behavior, but the skill description does not provide a privacy or security warning about sending book-monitoring data and handling secrets. Users may expose credentials in plaintext config files or transmit personal reading-interest metadata over email without understanding the risks.

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger phrase "library" is very generic and can match many ordinary user requests unrelated to this skill. Because the skill has network, filesystem, and shell permissions, accidental activation could route benign conversations into a higher-privilege skill context, increasing the risk of unintended actions or data access.

Vague Triggers

Medium
Confidence: 93%
Finding
The Chinese trigger "图书馆" (library) is similarly broad and likely to appear in normal conversation, making unintended activation plausible. In this skill, that ambiguity is more dangerous because the declared permissions include shell and filesystem access, so misrouting is not just a usability issue but a security boundary concern.

Vague Triggers

Medium
Confidence: 91%
Finding
The trigger "借书" (borrow books) is a common everyday phrase and may capture routine requests that do not intend to invoke this specific skill. Given the skill's elevated permissions and ability to access external resources, broad activation increases the chance of unnecessary privileged execution and unsafe prompt routing.

VirusTotal

65/65 vendors flagged this skill as clean.
