Huo15 Research Pipeline

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed research-writing workflow that uses OpenClaw LLM calls and saves generated research files locally, with control and privacy caveats but no evidence of deception or unrelated access.

Install only if you are comfortable with a shell-based workflow that writes research outputs under your OpenClaw home directory and sends research prompts through your configured OpenClaw LLM service. Use explicit invocation rather than relying on broad trigger phrases, and avoid confidential or proprietary topics unless your LLM/provider settings are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger alias includes the very broad phrase "自动研究", which can overlap with ordinary user language and cause the skill to activate unintentionally. In a skill that can run a multi-phase pipeline, invoke external tools, and write files under the user's home directory, accidental activation can lead to unintended network activity, local file creation, and confusing automation.

Vague Triggers

Medium
Confidence: 91%
Finding
The documented trigger pattern "研究 [课题]" is overly generic and lacks scope limits or exclusions, making normal conversational requests likely to match. Because this skill is designed to autonomously progress through research stages and may call CLI tools and save outputs locally, an overbroad trigger increases the risk of unintended execution and side effects.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill states that all artifacts are saved to a fixed path under $HOME, but it does not prominently warn users that invoking the skill will perform local filesystem writes. This creates a transparency and consent problem: users may unknowingly populate persistent directories with logs and research content, which can expose sensitive topics, clutter storage, or interact poorly with synced knowledge bases like Obsidian.

Missing User Warnings

Medium
Confidence: 92%
Finding
The script sends user-provided research topics and generated intermediate documents to an external LLM via `openclaw llm generate` without any explicit consent or warning. In a research workflow, prompts may contain unpublished ideas, confidential data, proprietary notes, or sensitive personal information, so silent transmission to a third-party model can cause unintended data disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.
