Clawnexus

Security checks across malware telemetry and agentic risk

Overview

Clawnexus is a LAN discovery helper for OpenClaw instances. Its observed behavior (a local daemon, network scanning, alias changes, and an on-disk registry of discovered instances) matches what the skill discloses.

Install only if you trust the clawnexus npm package and want a local daemon that discovers OpenClaw instances on your network. Use the scan and alias-changing commands only on networks where you are authorized to probe devices, and review or clear ~/.clawnexus/registry.json if you do not want the history of discovered instances retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill instructs the agent to trigger a LAN scan through the local daemon with no user-facing warning, consent check, or mention of the privacy and network impact. Although the request itself goes to localhost, the daemon then actively probes other hosts on the local network, which exposes device metadata and generates scanning traffic in environments where probing is sensitive or prohibited.

VirusTotal

65/65 vendors flagged this skill as clean.
