multi-agent-deploy

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to create new OpenClaw assistants, but it makes persistent configuration changes with broad triggers and has a path bug that can create files outside the documented location.

Review before installing or running. Only use it when you explicitly want a persistent new OpenClaw assistant, back up ~/.openclaw/openclaw.json first, inspect the generated paths, and fix or account for the workspace path mismatch before deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93%
Finding
The skill instructs execution of a deployment script that reads and writes under ~/.openclaw, creates directories, copies workspace files, and modifies openclaw.json, yet the skill metadata declares no permissions. This creates a transparency and policy-enforcement gap: users and orchestrators may invoke a system-modifying skill without realizing it can alter local state and agent configuration.

Vague Triggers

Medium
Confidence
92%
Finding
The trigger phrases are very broad natural-language requests like '新增一个 agent' and '加一个日常助手', which can overlap with ordinary conversation and cause the skill to run when the user did not intend to perform a deployment. Because this skill creates directories and updates openclaw.json, accidental invocation can lead to unintended system changes rather than a harmless response.

Missing User Warnings

Medium
Confidence
95%
Finding
The README highlights convenience features but does not clearly warn that the skill will create agent directories, copy workspace files, and modify the local openclaw.json configuration. When paired with easy invocation, this lack of disclosure increases the chance of users authorizing or triggering persistent system changes without informed consent.

Vague Triggers

Medium
Confidence
85%
Finding
The skill description and examples use broad natural-language triggers such as '新增一个 agent' and '加一个日常助手', which are common requests that could be matched in contexts where the user is only discussing options rather than authorizing deployment. Because the skill performs filesystem and configuration changes, ambiguous invocation increases the risk of unintended agent creation and config drift.

Vague Triggers

Medium
Confidence
90%
Finding
The activation section lists intents but provides no scope boundaries, no prerequisite checks, and no negative examples. In a skill that creates new workspaces, agent directories, and updates shared configuration, lack of clear guardrails makes accidental or over-broad activation more dangerous than for a read-only skill.

Missing User Warnings

Medium
Confidence
95%
Finding
The skill documents creation of new workspaces and agent directories and modification of ~/.openclaw/openclaw.json without a clear warning that these are persistent system-impacting changes. Users may interpret the skill as a lightweight assistant action, when in fact it changes deployment state and future runtime behavior.

Missing User Warnings

Low
Confidence
88%
Finding
The guidance to restart the gateway omits caution that restarting a shared service affects current system state and may interrupt running sessions or temporarily disable agent availability. While lower impact than arbitrary file modification, it still changes operational state and can surprise users in multi-agent or production environments.

VirusTotal

63/63 vendors flagged this skill as clean.