openclaw-oss-skills

Security checks across malware telemetry and agentic risk

Overview

This skill transparently uploads selected artifacts to Alibaba Cloud OSS and returns signed links, but users should be careful because it can be invoked implicitly for sharing workflows.

Install only if you want agents to upload generated artifacts to your Alibaba Cloud OSS bucket. Use least-privilege or temporary OSS credentials, verify the bucket and endpoint, confirm the exact files before uploading, avoid sensitive or regulated data unless intentional, and clean up uploaded objects or temporary zip files if retention matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 84%
Finding
The description uses very broad trigger phrases such as upload, share, publish, and return downloadable links for many artifact types, which can cause the skill to activate for ordinary user requests without sufficient scrutiny. In this context, that is risky because activation leads to external transmission of local workspace artifacts to a cloud bucket using ambient credentials, increasing the chance of unintended data exfiltration.

Missing User Warnings

Medium
Confidence: 95%
Finding
The markdown instructs the agent to upload artifacts to a remote Alibaba Cloud OSS bucket and return a signed URL, but it does not prominently warn users that files and related metadata will leave the local environment using environment-based credentials. Because the skill is designed for sharing generated outputs, the absence of a user-facing disclosure and consent step materially raises the risk of accidental exfiltration of sensitive files, filenames, or report contents.

Vague Triggers

Medium
Confidence: 94%
Finding
The skill is configured for implicit invocation and its trigger language is broad enough to match many ordinary requests to upload, share, publish, or return links for generated files. That can cause the agent to invoke external upload behavior without sufficiently explicit user confirmation or tight scoping, increasing the chance of unintended data disclosure to OSS and exposure via signed links.

VirusTotal

66/66 vendors flagged this skill as clean.
