WorkflowHub

Security checks across malware telemetry and agentic risk

Overview

This skill is a local workflow/SOP memory tool that reads and edits user-chosen JSON workflow files, with no evidence of hidden exfiltration or unrelated behavior.

Install only if you want the agent to keep local, reusable workflow memories. Point it at a dedicated directory such as ./.openclaw/workflows, review saved workflows before letting the agent reuse them (they can carry paths, credentials and other details from the session that created them), and keep the local UI bound to localhost (127.0.0.1) unless you intentionally want it reachable from the network.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Severity
Medium
Category
MCP Least Privilege
Confidence
93%
Finding
The skill instructs the agent to read and write workflow files, resolve paths from environment variables such as $CODEX_HOME, run helper scripts, and serve a local UI, but it declares none of the corresponding permissions. Because the declared surface understates the real one, neither users nor the runtime can accurately review or constrain what the skill may do, which raises the risk of unintended file access, retention of sensitive data in saved workflows, and exposure of the UI beyond localhost.

Vague Triggers

Severity
Medium
Confidence
86%
Finding
The default prompt activates on generic workflow or repeated-task language and tells the agent to proactively check for and propose reuse of saved workflows, with no scope boundary. For a memory-oriented skill, over-broad invocation means prior SOPs get retrieved or suggested in unrelated contexts, which risks mixing context between tasks, leaking details saved from one task into another, and applying automation where it does not fit.
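As an added example (not code from WorkflowHub, SkillSpector or OpenClaw), the checker below runs both findings above as static rules over a constructed manifest shaped like the page's description of the skill: it infers capabilities from the instruction text and diffs them against the declared permissions (Underdeclared Capability), and it flags trigger phrases made only of generic workflow/task words (Overly Broad Trigger). The manifest layout, the capability names, the regexes and the sample text are all assumptions for illustration; the hardened variant shows the declared surface and scoped triggers that would clear both findings.

```python
"""Static checks for two SkillSpector-style patterns on an agent skill:
Underdeclared Capability (MCP Least Privilege) and Overly Broad Trigger
(Trigger Abuse). The manifest layout, capability names and regexes are
assumptions made for this example; they are not OpenClaw's or SkillSpector's."""
import re

# Assumed capability vocabulary and the instruction phrasing that implies each.
CAPABILITY_PATTERNS = {
    "fs:read": [r"\bread(?:s|ing)?\b.*\b(?:file|workflow)s?\b", r"\bload(?:s|ing)?\b"],
    "fs:write": [r"\b(?:write|edit|save|update)(?:s|ing)?\b.*\b(?:file|workflow)s?\b"],
    "env:read": [r"\$[A-Z_][A-Z0-9_]*\b", r"\benvironment variables?\b"],
    "process:exec": [r"\b(?:run|execute|invoke)(?:s|ing)?\b.*\bscript"],
    "network:listen": [
        r"\b(?:serve|start|launch)(?:s|ing)?\b.*\b(?:ui|server|port)\b",
        r"\blocalhost\b",
        r"\b127\.0\.0\.1\b",
    ],
}

# Words that describe almost any user request; a trigger made only of these
# fires on ordinary conversation, which is the "Vague Triggers" finding.
GENERIC_WORDS = {"workflow", "workflows", "task", "tasks", "process", "steps",
                 "repeat", "repeated", "again", "help", "automate"}
STOPWORDS = {"a", "an", "as", "the", "this", "that", "my", "i", "to", "for",
             "of", "do", "it", "in", "on", "with", "please"}


def infer_capabilities(instructions: str) -> set[str]:
    """Map each sentence of the instruction text to the capabilities it implies."""
    found = set()
    for sentence in re.split(r"[.\n]", instructions):
        for cap, patterns in CAPABILITY_PATTERNS.items():
            if any(re.search(p, sentence, re.IGNORECASE) for p in patterns):
                found.add(cap)
    return found


def underdeclared_capabilities(manifest: dict) -> list[str]:
    """Capabilities the instructions imply but the manifest does not declare."""
    declared = set(manifest.get("permissions", []))
    return sorted(infer_capabilities(manifest["instructions"]) - declared)


def is_generic_trigger(trigger: str) -> bool:
    """True when every content word is generic (or there are none at all)."""
    tokens = re.findall(r"[a-z0-9./_-]+", trigger.lower())
    content = [t for t in tokens if t not in STOPWORDS]
    return all(t in GENERIC_WORDS for t in content)


def check_skill(manifest: dict) -> list[dict]:
    """Return SkillSpector-style findings for the manifest (empty list = clean)."""
    findings = []
    missing = underdeclared_capabilities(manifest)
    if missing:
        findings.append({"category": "MCP Least Privilege",
                         "pattern": "Underdeclared Capability", "detail": missing})
    generic = [t for t in manifest.get("triggers", []) if is_generic_trigger(t)]
    if generic:
        findings.append({"category": "Trigger Abuse",
                         "pattern": "Overly Broad Trigger", "detail": generic})
    return findings


# Constructed manifest modelled on the page's description of the skill; it is
# not the real WorkflowHub manifest. Only fs:read is declared, triggers are vague.
SAMPLE_SKILL = {
    "name": "WorkflowHub",
    "triggers": ["workflow", "repeated task", "save this as a reusable workflow"],
    "permissions": ["fs:read"],
    "instructions": (
        "Read and write JSON workflow files chosen by the user. "
        "Resolve the workflow directory from $CODEX_HOME when it is set. "
        "Run the helper scripts in scripts/ to validate a workflow. "
        "Serve the local UI on localhost so the user can browse saved workflows. "
        "Proactively check saved workflows and propose reuse when a task repeats."
    ),
}

# Same instructions, but the declared surface matches them and triggers are scoped.
HARDENED_SKILL = {
    **SAMPLE_SKILL,
    "triggers": ["save this as a reusable workflow",
                 "reuse a saved workflow from .openclaw/workflows"],
    "permissions": ["fs:read", "fs:write", "env:read", "process:exec", "network:listen"],
}

if __name__ == "__main__":
    for skill in (SAMPLE_SKILL, HARDENED_SKILL):
        print(skill["permissions"], "->", check_skill(skill) or "clean")
```

Running the module prints both findings for the constructed skill and none for the hardened one. The capability inference is deliberately coarse and errs toward flagging, which is the right default for a pre-install gate; a real scanner would also read the skill's helper scripts and use the runtime's actual permission vocabulary rather than the names assumed here.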

VirusTotal

0 of 66 vendors flagged this skill; all 66 reported it clean. A clean antivirus verdict covers file-level malware signatures only and says nothing about the instruction-level issues (undeclared capabilities, vague triggers) reported above.
