Openclaw

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only security skill for handling agent secrets and wallet permissions, with some high-risk examples that need careful scoping but no hidden or malicious behavior.

Install only if you are intentionally building agents that handle secrets or wallet permissions. Use a dedicated vault, avoid giving agents master keys, keep session keys short-lived and tightly scoped, require confirmations for high-value operations, and do not use open delegations unless you fully understand and constrain the risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium (93% confidence)
Finding:
The document presents a 'minimum recommended' caveat stack that includes value limits and nonce-based revocation, but the earlier Solidity and TypeScript delegation-creation examples omit some of those protections. Readers may copy the examples as production guidance, resulting in delegations that are materially less constrained than the document's own security baseline.

Context-Inappropriate Capability

Medium (91% confidence)
Finding:
The open delegation section normalizes a pattern where any address can redeem a delegation, which substantially broadens the set of entities that can exercise delegated authority. In a skill about secure key management and agent-controlled funds, that design sharply increases the attack surface and can enable unauthorized or unexpected execution if caveats are imperfect, misconfigured, or too permissive.

Missing User Warnings

Medium (96% confidence)
Finding:
The example shows an 'any agent can redeem' delegation without an immediate, prominent warning about the elevated risk of making delegated authority broadly redeemable. Because this is documentation for a security-focused skill, omission of that warning is dangerous: users may infer the pattern is acceptably safe for routine use and deploy it in contexts involving funds or secrets.

VirusTotal

64/64 vendors flagged this skill as clean.
