Knods

Security checks across malware telemetry and agentic risk

Overview

This Knods skill matches its stated bridge purpose, but it installs an always-on background service and exposes gateway-token URLs in logs, so users should review it carefully before installing.

Install only if you want a continuously running Knods-to-OpenClaw bridge. Use dedicated, revocable Knods tokens with minimal scopes, avoid sharing service logs, rotate any gateway token already used with this version, and know how to stop or disable the user service when polling is not needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill provides installation and service-management commands that modify the user's environment by copying files into persistent locations and enabling a user systemd service, but it does not present an explicit warning or confirmation requirement. That omission increases the risk that an agent executes system-changing commands without the user fully understanding that a background process will be installed and started automatically.

Missing User Warnings

Medium
Confidence: 89%
Finding
The protocol explicitly transmits full conversation history and authenticates with a gateway token in query parameters, but provides no warning about privacy exposure, logging, retention, or safe token handling. In practice, message history may contain sensitive user data and query-string tokens are commonly captured in logs, proxies, browser history, and monitoring systems, increasing disclosure risk.

Missing User Warnings

Medium
Confidence: 95%
Finding
The authentication section normalizes placing long-lived gateway tokens in query strings and environment examples without cautioning about leakage through process listings, logs, config dumps, shell history, support bundles, or copied URLs. This is dangerous because anyone obtaining the token can impersonate the bridge and read/respond to queued messages.

Missing User Warnings

Medium
Confidence: 95%
Finding
The installer silently creates a Python script in the user's OpenClaw directory, writes a systemd user unit, reloads systemd, and immediately enables and starts the service. That creates persistence and causes code to run automatically on login without an explicit confirmation step, which is risky for an install script in a skill package because users may not realize they are granting ongoing execution.

Missing User Warnings

Medium
Confidence: 98%
Finding
The script prints updates_url and respond_url after adding the gateway token into the query string, which exposes credentials to stdout, logs, terminals, process supervisors, or CI artifacts. Anyone with access to those logs could replay the token and interact with the Knods gateway as the bridge.

VirusTotal

65/65 vendors flagged this skill as clean.
