ClawHub

getskill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed skill manager that installs and updates OpenClaw skills, but users should treat the remote CLI, repositories, and installer guidance as trust-sensitive.

Install only if you trust workskills.store and the @workskills/getskill CLI. Before running install or update, review the target skill source and remember that copied skills can persist and change how OpenClaw behaves. Use custom API endpoints only when you trust the endpoint and its returned repositories.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly instructs cloning repositories and copying entire skill directories into `~/.openclaw/skills`, which modifies the local filesystem and may overwrite or replace existing content, but it does not prominently warn the user about those side effects or require confirmation. In the context of a skill installer/updater that pulls remote content, silent filesystem modification increases the risk of accidental overwrite, persistence of untrusted code/instructions, and unsafe operator assumptions.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill states that on Windows it may automatically download and launch a Git installer, which is effectively remote code acquisition and execution behavior, yet the document does not require strong user consent, origin verification, or integrity checks. Because this skill also supports custom API endpoints and remote repository interactions, this makes the behavior especially dangerous: users may be induced to run downloaded installers without adequate provenance validation.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal