Harness

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The artifacts are a disclosed ClawHub/OpenClaw registry and tooling package with some powerful but purpose-aligned CLI, publishing, and moderation capabilities.

Install only if you intend to use ClawHub/OpenClaw registry tooling and are comfortable granting it the credentials needed for publishing, syncing, GitHub workflows, or staff moderation. Review any command that deletes, restores, publishes, comments on PRs, or changes user roles before approving it.

SkillSpector (1)

By NVIDIA

Vague Triggers

Medium

Confidence: 84% confidence
Finding: The skill advertises broad automatic activation for a wide set of loosely related topics, which can cause it to load in contexts the user did not explicitly intend. In a knowledge skill, over-broad triggers increase the chance of irrelevant or misleading guidance being injected into unrelated conversations, expanding prompt surface area and potentially influencing agent behavior unexpectedly.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal