Bluebubbles Healthcheck

Security checks across malware telemetry and agentic risk

Overview

This skill is for a real local repair task, but its auto-heal path can delete webhook settings, restart OpenClaw, and expose the BlueBubbles password if misused.

Install only if you intend to let this skill manage a local BlueBubbles to OpenClaw setup. Before running heal.sh or reset-webhook.sh, list or back up existing BlueBubbles webhooks, use --dry-run first, and avoid shared or remote BlueBubbles servers. Treat BB_PASSWORD as exposed anywhere full webhook URLs may be stored or logged, and rotate it if you suspect the URL leaked.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The README states that healing will 'delete all webhooks, re-register fresh' to clear stale registrations and backoff, but it does not clearly warn that this is a destructive action that can remove unrelated or custom BlueBubbles webhook configurations. In this skill context, the action is somewhat expected for repair, but the lack of an explicit user warning, scope limitation, or confirmation makes accidental disruption of other integrations more likely.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The documentation explicitly recommends passing the BlueBubbles API password in the URL query string. Query parameters are commonly exposed in shell history, proxy logs, browser history, monitoring systems, and referrer-like telemetry, so this can leak a reusable credential even when the service is only locally reachable. In this skill context, the risk is increased because the examples are likely to be copied verbatim during operational troubleshooting.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The guide instructs users to delete and re-register a webhook to clear backoff state, but it does not warn that this is a state-changing, potentially disruptive action. In an operational troubleshooting context, performing this reset blindly can interrupt message delivery, remove a valid configuration, or cause accidental misconfiguration if the replacement webhook parameters are wrong.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The script forwards the BlueBubbles bearer token in an Authorization header to the configured webhook URL during a health check. If OPENCLAW_WEBHOOK_URL is misconfigured, attacker-controlled, or points to a less-trusted service, this leaks a credential that can likely be reused against the BlueBubbles API, turning a connectivity test into credential exfiltration. The skill context increases risk because operators may run it during outages and trust it to contact arbitrary configured endpoints automatically.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The script automatically executes `openclaw gateway restart` as part of its healing flow without requiring explicit operator confirmation at the point of action. Because this is an operationally disruptive state-changing command, invoking it non-interactively can cause service interruption or restart the wrong target if the environment is misconfigured, making unintended changes easier when the skill is run in automation or by an unsuspecting user.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The script invokes `reset-webhook.sh` automatically, which likely alters webhook registration and therefore local or remote configuration, but does not clearly disclose the scope of those changes or require confirmation. In this skill's context, the script is specifically intended to auto-heal connectivity, so silent configuration mutation is plausible and increases the chance of accidental reconfiguration, service disruption, or pointing integrations at an unintended endpoint if inputs are wrong.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The script enumerates all existing BlueBubbles webhooks and deletes them unconditionally before re-registering a new one. In an auto-heal skill this is operationally risky because it can destroy unrelated webhook configurations, cause outages, and break integrations if the script is pointed at the wrong server or used in a shared environment.

External Transmission

Severity: Medium
Category: Data Exfiltration
Confidence: 95%
Content (excerpt from the health-check script; the command is cut off in the scan output):

  log "─── CHECK 3: OpenClaw webhook endpoint alive ───"

  # Test OpenClaw webhook endpoint with Authorization header
  ENDPOINT_RESPONSE=$(curl -s -X POST --max-time 5 \
    -H "Authorization: Bearer ${BB_PASSWORD}" \
    -H "Content-Type: application/json" \
    -d '{"type":"ping","data":{}}' \

VirusTotal

64/64 vendors flagged this skill as clean.