ZugaShield Security Scanner

Security checks across malware telemetry and agentic risk

Overview

ZugaShield appears security-focused, but it runs a separate Python scanner that can inspect and block broad OpenClaw traffic, with enough package/source ambiguity to warrant review.

Review before installing. Use this only if you trust both the OpenClaw plugin and the separate zugashield Python MCP package, verify the package names and repository provenance, and consider pinning versions. Expect the scanner to see messages, tool arguments, model outputs, and recalled memory, and expect fail-closed settings to block activity when the scanner is unavailable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The file-level documentation promises 'ALWAYS FAIL-CLOSED' behavior for tool execution, but the implementation immediately returns when `config.scan.tool_calls` is false, completely disabling pre-execution scanning. This creates a dangerous security gap: operators may rely on the documented guarantee while an attacker or misconfiguration disables the only control protecting high-risk tools such as shell or HTTP execution.

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The test explicitly codifies that pre-tool-execution fails closed on scanner outage even when the global configuration sets fail_closed=false. If the documented/plugin intent is configurable fail-open versus fail-closed behavior, this creates a security-relevant inconsistency that can surprise operators and cause denial of service for all tool use whenever the scanner is unavailable. In this skill context, tool execution is a high-risk boundary, so hard-failing may be defensible, but the mismatch between configuration semantics and actual behavior is still a real vulnerability in reliability/security design.

VirusTotal

66/66 vendors flagged this skill as clean.
