Upload Local Files to the Cloud

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says by uploading a user-selected local file to Qiniu Cloud Storage, but users should treat uploaded files as potentially public.

Install only if you intend to upload selected local files to Qiniu Cloud Storage. Do not use it for private or confidential files, verify the Qiniu bucket/domain and credential scope first, and install the qiniu package from a trusted source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3
Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill performs sensitive capabilities (reading local files and making network uploads) without declaring permissions, which undermines transparency and informed consent for users or calling systems. In this context, the risk is real because the skill uploads arbitrary local files to a cloud bucket and can expose their contents externally, so missing permission declarations materially increase the chance of unintended data disclosure.

Tp4
Severity: High
Category: MCP Tool Poisoning
Confidence: 91%
Finding: The stated behavior says the skill uploads a file and returns a URL, but the implementation also reads ~/.openclaw/config.json to obtain credentials and storage settings, which is a security-relevant side effect not disclosed in the description. This mismatch is dangerous because hidden access to local configuration/secrets reduces user awareness and could expose cloud credentials or other sensitive configuration data if the skill is modified, misused, or broadly trusted based on incomplete documentation.

VirusTotal

67/67 vendors flagged this skill as clean.
