JQOpenClawNode skill

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed remote-administration skill, but it gives an agent broad control over a computer without enough built-in scoping or approval guidance for sensitive actions.

Install only for trusted administrative use on nodes you control. Keep Gateway allowCommands as narrow as possible, require explicit user approval before screenshots, clipboard access, input automation, command execution, file deletion/overwrite, process termination, and self-update, and avoid node.selfUpdate unless the update source is authenticated and independently verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence: 94%
Finding:
The skill documents remote screenshot capture and upload but does not require any explicit user consent, visibility, or warning about the privacy-sensitive nature of collected screen contents. Because screenshots can expose credentials, messages, documents, and other sensitive data, documenting and enabling this capability without strong guardrails materially increases surveillance and data-exfiltration risk.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The system.info capability collects user, host, IP, disk, CPU, and GPU details, which are useful for fingerprinting, targeting, and environment reconnaissance. Presenting this collection behavior without an explicit warning or approval model makes it easier to gather privacy-sensitive and operationally sensitive host metadata without informed user awareness.

Missing User Warnings

Medium
Confidence: 97%
Finding:
Clipboard contents commonly contain passwords, tokens, wallet addresses, personal data, and copied confidential text. A skill that supports clipboard read/write without an explicit warning, consent flow, or use restriction creates a direct avenue for sensitive data theft or user manipulation.

Missing User Warnings

High
Confidence: 99%
Finding:
The self-update flow downloads executable content over HTTP/HTTPS, writes files, generates a batch script, and replaces the running node, which is a direct code-execution and persistence mechanism. Even with MD5 verification, this is unsafe because MD5 is collision-prone and the documentation does not require trusted signing, pinned transport, or explicit operator approval before replacing the agent binary.

Missing User Warnings

Medium
Confidence: 96%
Finding:
Remote mouse and keyboard control enables direct manipulation of user state, including clicking through dialogs, entering commands, submitting forms, and altering data. Although the spec mentions asynchronous behavior and latest-wins semantics elsewhere, it lacks a strong safety warning and approval requirement commensurate with the risk of irreversible or covert user-impacting actions.

VirusTotal

66/66 vendors flagged this skill as clean.
