ClawHub

Feishu Cache Guardian

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform a real cache repair task, but it also edits a system-installed OpenClaw file, can restart the Gateway, and suggests recurring automation without enough user control or warning.

Review before installing. Only run this if you are comfortable editing the global OpenClaw installation and restarting the Gateway. Prefer running it manually first in check-only or diff/review form if available, back up the target file, and avoid enabling cron or recurring repair until the restart and reapplication behavior is clearly understood.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The skill’s stated purpose is to check and repair cache configuration, but it also restarts the OpenClaw Gateway as a side effect. This is a broader operational action than advertised, which can surprise users, cause service disruption, and create an opportunity for misuse if the script is invoked in automation expecting only a file edit.

Context-Inappropriate Capability

High
Confidence
90% confidence
Finding
The script imports child_process and executes a shell command to restart a service, which is a privileged capability beyond simple cache validation/repair. Even though the command string is static, this increases the blast radius of the skill: running it can alter system state, interrupt service availability, and normalize use of shell execution inside a maintenance tool.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to modify a system-installed file under the global OpenClaw package path and to configure recurring automated execution, but it does not clearly warn about the risks of persistent system modification, service restarts, or cron-based reapplication. This is dangerous because users may unknowingly create unstable or hard-to-audit behavior, especially when upgrades overwrite files and the automation keeps silently re-patching them.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal