Workspace Analyzer

Security checks across malware telemetry and agentic risk

Overview

This skill is a local workspace reporting tool; its main risk is that its reports can reveal workspace metadata if stored or shared carelessly.

Install this only if you want an agent to inspect your OpenClaw workspace structure. Keep the scan root narrow, treat the JSON report as potentially sensitive metadata, avoid using the fixed /tmp output on shared machines when privacy matters, and review any suggested edits before allowing an agent to modify core files or create git commits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Severity
Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill documentation instructs the agent to run a local Python script over an arbitrary workspace root and also includes follow-on steps that write to configuration and repository state (for example updating ~/.openclaw/openclaw.json and running git add/commit). However, the skill declares no permissions, so its effective read/write capabilities are understated. This is dangerous because agents or policy engines may trust the manifest and allow execution without appropriate review, leading to unexpected access to workspace contents and unintended modification of local files.

Missing User Warnings

Severity
Low
Confidence
95% confidence
Finding
The script writes analysis output to a fixed path in /tmp without warning the user or using a unique secure temporary file. Because /tmp is typically world-writable, another local user or process could read, overwrite, or race on that file, potentially exposing workspace metadata or causing the script to consume attacker-controlled content later.

VirusTotal

64/64 vendors flagged this skill as clean.
