NavClaw

Security checks across static analysis, malware telemetry, and agentic risk

Overview

NavClaw appears to do what it claims (plan Amap driving routes), but users should handle location logs, the Amap API key, and optional Mattermost posting credentials carefully.

Before installing, make sure you are comfortable storing an Amap API key and route locations in the skill folder. If using Mattermost, configure a dedicated bot token and private channel, or run with --no-send and manually share only the results you want.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

No VirusTotal findings for this skill version.

Malicious: 0
Suspicious: 0
Harmless: 0
Undetected: 65

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Route details may be automatically posted to the configured Mattermost channel after a navigation run.

Why it was flagged

When Mattermost is configured, the wrapper posts route results and can upload the log file unless --no-send is used.

Skill content

if not args.no_send: ... success = send_mattermost_message(msg) ... file_id = upload_file_to_mattermost(log_path)

Recommendation

Use --no-send for private runs, and confirm the Mattermost channel is appropriate before enabling automatic posting.

What this means

Anyone with access to the config file could use the Amap key or Mattermost bot token with whatever permissions those services grant to them.

Why it was flagged

The skill expects a service API key and optionally a Mattermost bot token/channel ID stored in config.py.

Skill content

API_KEY = "your_amap_api_key_here" ... MM_BOT_TOKEN = "" ... MM_CHANNEL_ID = ""

Recommendation

Use least-privileged keys/tokens, avoid sharing config.py, and rotate credentials if they are exposed.

What this means

Future installations may resolve to a different version of the requests library, which can affect reproducibility.

Why it was flagged

The only third-party dependency is disclosed, but it is not pinned to an exact version.

Skill content

requests>=2.20.0

Recommendation

Install in a virtual environment and consider pinning or reviewing dependency versions for production use.

What this means

Route history, home/default destination, and precise location data may persist in local logs or be forwarded as attachments.

Why it was flagged

The sample log shows that generated logs can include origin/destination names and precise coordinates.

Skill content

- 起点:北京南站 (116.378059,39.867679)
- 终点:广州南站 (113.277732,22.989125)

Recommendation

Review or delete logs after use, avoid logging sensitive trips, and be careful before sending log attachments to shared channels.