Quick Team

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only helper for creating OpenClaw team-member files and configuration, with important but disclosed local side effects.

Install only if you are comfortable with a skill that edits OpenClaw runtime configuration. Review every diff before approving, avoid allowAgents ["*"] unless you truly need it, back up openclaw.json, replace the hard-coded MEMORY identity fields, and do not save API keys in generated files unless that is intentional.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The documented tools include web access (`web_search`, `web_fetch`) and arbitrary script execution (`exec`), which are broader than needed for a skill whose stated purpose is generating local directory structures and configuration templates. This capability mismatch increases attack surface and can enable data exfiltration, remote content ingestion, or unintended command execution if an agent follows the tool guidance blindly.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The prescribed workflow focuses on searching the web and reading pages instead of creating local team-member scaffolding and configuration files. When instructions diverge from the declared skill purpose, agents may be steered into unnecessary external interactions, increasing the risk of prompt injection, collection of untrusted content, and actions unrelated to user intent.

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The template hard-codes identifiable real-person controller details (name, timezone, role) into a reusable memory scaffold. This creates an unnecessary privacy and data-governance risk because every generated team member memory file will replicate personal information by default, potentially exposing identity data in downstream repositories, prompts, or shared artifacts.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger phrases are very broad and overlap with common conversational requests like 'add a team member' or 'create a role', which can cause the skill to activate unintentionally. In this skill, accidental activation is more sensitive than usual because the documented workflow includes modifying ~/.qclaw/openclaw.json and restarting the Gateway, both of which affect runtime behavior and active sessions.

VirusTotal

65/65 vendors flagged this skill as clean.
