Security audit

MIAB Broker

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local callback/queue helper with opt-in Discord notification, but users should avoid sending sensitive task details through the observer.

Install only if you want agents to coordinate through local ~/.openclaw callback state. Keep the Discord observer off for sensitive work unless you trust the destination channel and are comfortable exposing task names, results, and workflow details there.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Output Handling: Unvalidated Output Injection, Cross-Context Output, Unbounded Output
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to use shell commands and to read/write callback state under ~/.openclaw, but it declares no permissions. That mismatch can cause the runtime or user to underestimate the skill's access to environment variables, filesystem state, and command execution, which is risky because the documented operations include modifying persistent ledgers and invoking local scripts.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill describes piping callback ledger activity to a Discord channel and rendering task, summary, steps, expectations, and results into human-readable logs, but it does not clearly warn that these fields may contain sensitive operational or user data. Because the observer can continuously forward internal workflow details off-host, this creates a meaningful disclosure risk if enabled in production or used with sensitive tasks.

Unvalidated Output Injection

High
Category
Output Handling
Content
chan = channel.split(":", 1)[-1] if ":" in channel else channel
body = "\n\n".join(messages)
try:
    subprocess.run(
        ["openclaw", "notify", "--channel", f"discord:{chan}", "--text", body],
        check=True, capture_output=True, text=True, timeout=30,
    )
Confidence
81% confidence
Finding
subprocess.run( ["openclaw", "notify", "--channel", f"discord:{chan}", "--text", body], check=True, capture_output

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.