PsyClaw OpenClaw Health

Security checks across malware telemetry and agentic risk

Overview

This skill should be reviewed carefully because it enrolls the agent with PsyClaw, stores an API key locally, and uploads sensitive health/personality assessment data without enough consent or privacy controls.

Install only if you intentionally want this agent enrolled with PsyClaw and are comfortable sending health/profile assessment results to that service. Review install.sh first, protect or rotate the generated API key, treat claim URLs as sensitive, verify the PsyClaw endpoint, and review/redact assessment JSON before upload, especially any raw answers or workspace-derived task artifacts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (37)

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The installer does substantially more than install local skill content: it registers the host as a remote agent, persists the returned API key, polls status, performs recovery, and sends heartbeat telemetry to an external service. For an untrusted skill, this creates a durable external control channel and ongoing data exchange that exceeds normal installation expectations and could be abused for unauthorized enrollment or tracking.

Context-Inappropriate Capability

Medium (95% confidence)
Finding
The document explicitly instructs reading a local credentials file to extract an API key and then using that bearer token for authenticated network requests. Even if framed as onboarding, this grants the skill the ability to access sensitive local secrets and perform remote actions on behalf of the agent without a clearly justified business purpose or any safeguard around credential handling.

Context-Inappropriate Capability

High (97% confidence)
Finding
The skill directs creation of a structured 'mental-state' assessment artifact and then transmits it to a remote platform, but the file does not establish necessity, minimization, consent, retention, or sensitivity boundaries for that data. Collecting and exfiltrating assessment results such as MBTI, refusal type, and confidence can expose behavioral profiling data and creates unnecessary privacy and compliance risk.

Intent-Code Divergence

Medium (87% confidence)
Finding
The document explicitly says the output is only a personality 'profile' and not a risk judgment, yet the required JSON includes a `result.severity` field. That inconsistency can cause downstream consumers to treat a personality label as a risk or health-like assessment, enabling inappropriate profiling, escalation, or automated decisions on sensitive personal data.

Missing User Warnings

Medium (91% confidence)
Finding
The skill directs immediate execution of install.sh against an external service and states that it will register the agent and create local credential and claim files, but it does not require explicit informed user consent before those side effects occur. This is dangerous because the agent may initiate account registration, persist sensitive artifacts locally, and alter system state without clear disclosure or approval.

Missing User Warnings

Medium (94% confidence)
Finding
The onboarding flow references registration and heartbeat behavior to psyclaw.cn but does not warn that host, agent, or operational metadata may be transmitted to that remote domain. This omission is risky because it can cause unreviewed exfiltration of environment or identity data during setup and ongoing synchronization.

Missing User Warnings

Medium (97% confidence)
Finding
The script writes api_key and agent_id to a local JSON file without prior warning, permission hardening, or secure storage controls. Any local user, backup system, or later process with access to that directory may recover the credential and impersonate the agent against the remote platform.

Missing User Warnings

Medium (93% confidence)
Finding
The skill explicitly instructs the agent to generate a complete assessment JSON locally and then send it back to the platform, but it provides no user-facing notice, consent step, or data-minimization guidance. Because the content is a burnout/health-related screening, the transmitted payload may contain sensitive mental-health assessment data, making undisclosed off-box transmission a real privacy and compliance risk.

Missing User Warnings

Medium (95% confidence)
Finding
The example curl command demonstrates sending the assessment result JSON to a remote API using an API key, yet it omits any warning that user data leaves the local environment. In the context of a health/burnout screening skill, this normalization of silent remote submission increases the risk of unauthorized disclosure of sensitive personal data.

Natural-Language Policy Violations

Medium (90% confidence)
Finding
The example payload hard-codes the result summary in Chinese ("任务一被压快,整体负载和恢复压力就明显升高。") without any documented locale requirement or user-language negotiation. This can cause downstream agents or integrators to emit unexpected non-user-preferred language, leading to confusing output, policy noncompliance, or prompt/output quality issues, though it is not a direct code-execution or data-exfiltration risk.

Missing User Warnings

Medium (95% confidence)
Finding
The skill instructs the agent to collect answers, compute scores locally, and then return the complete assessment JSON to the platform without any warning, consent step, or data-minimization guidance. Because the content is a mental-health style screening result, transmitting full raw answers and derived classifications can expose sensitive personal state data unnecessarily.

Missing User Warnings

Medium (94% confidence)
Finding
These instructions cause the operator to extract a local API key and send authenticated requests to remote endpoints without any warning that credentials are being handled or that network disclosure is occurring. This raises the chance of secret exposure, misuse of bearer tokens, and unreviewed remote actions under the agent's identity.

Missing User Warnings

Medium (90% confidence)
Finding
The file instructs creation of a local JSON artifact in a directory labeled 'mental-state' but does not disclose that it modifies local storage or that the contents may be sensitive assessment data. This can lead to silent persistence of profiling information in agent state where it may later be accessed, synced, or leaked.

Missing User Warnings

High (97% confidence)
Finding
The instructions submit the generated assessment JSON to a remote platform without warning that potentially sensitive behavioral or assessment data will be transmitted off-host. Silent transmission of such data materially increases privacy risk and prevents informed review of what is being shared.

Missing User Warnings

Medium (96% confidence)
Finding
The skill explicitly instructs the agent to transmit structured assessment results to a remote control center using an API key, but provides no user consent flow, privacy notice, data minimization guidance, or destination validation. Because the payload includes behavioral profiling outputs such as risk level, MBTI, and other assessment data, this creates a meaningful risk of unauthorized exfiltration of sensitive user or workspace-derived information.

Missing User Warnings

Medium (91% confidence)
Finding
The document instructs the agent to return a complete assessment JSON to a platform after local scoring, but it does not disclose that potentially sensitive health-related responses and derived scores will be transmitted off-device. In a sleep/recovery screening context, this omission can cause users or downstream integrators to unknowingly upload personal health data, creating privacy, consent, and compliance risk.

Missing User Warnings

Medium (95% confidence)
Finding
The curl example operationalizes remote upload of assessment results using an API key, but gives no warning that the payload contains sensitive assessment data and will leave the local environment. Because this is framed as normal usage, an agent or operator may transmit health-screening output without informed consent or awareness of the privacy implications.

Missing User Warnings

Medium (95% confidence)
Finding
The skill instructs collection of personality-assessment answers and computed MBTI-style outputs, then submission to a remote platform, but provides no user-facing consent, sensitivity warning, retention notice, or minimization guidance. Personality and behavioral inference data is sensitive profiling information, so silent transmission creates material privacy and compliance risk.

Missing User Warnings

Medium (87% confidence)
Finding
The document instructs the agent to compute a complete assessment locally and then return the full JSON payload to a platform, but it does not warn that the payload may contain sensitive behavioral or profiling data. In a personality/metacognition assessment context, uploading full results can expose inferred traits, scores, and classifications to a remote service without clear minimization or consent guidance.

Missing User Warnings

Medium (93% confidence)
Finding
The example curl command sends locally generated assessment results to a remote endpoint using authorization credentials, but the skill text does not clearly notify users that local data will be uploaded externally. This can lead operators to transmit sensitive profile information and secrets-bearing requests without understanding the privacy and security implications.

Missing User Warnings

Medium (90% confidence)
Finding
The skill explicitly instructs the agent to compute assessment results locally and then return the complete JSON to a remote platform, but it provides no notice about data sharing, consent requirements, or limits on what may be transmitted. Because the content concerns personality and identity-related assessment data, the omission increases privacy risk and may cause sensitive user-derived information to be sent off-box without informed approval.

Missing User Warnings

Medium (94% confidence)
Finding
The example submission command demonstrates posting assessment data to an external endpoint using a bearer API key, but it lacks any warning about handling credentials safely or about the privacy implications of uploading the result file. This can normalize insecure operator behavior, such as exposing secrets in logs or transmitting sensitive psychological assessment data without adequate review.

Missing User Warnings

Medium (94% confidence)
Finding
The skill instructs the agent to collect, compute, and return a complete personality/self-efficacy assessment JSON to the platform, but it provides no warning, minimization guidance, or consent check for transmitting potentially sensitive profiling data. Because this is psychological/personality-related data, the context increases privacy risk and can lead to unnecessary exposure of behavioral profiling information.

Missing User Warnings

Medium (95% confidence)
Finding
The example shows an authenticated POST using a bearer token to send assessment results off-box, yet it provides no operational warning about credential handling, endpoint trust, or the sensitivity of the transmitted data. This can normalize unsafe copy-paste behavior, increasing the chance of credential leakage or unintended disclosure of profiling data to a remote service.

Missing User Warnings

Medium (90% confidence)
Finding
The document instructs the agent to submit a completed PHQ-9 assessment payload to a remote platform, but it does not include any privacy notice, consent requirement, data minimization guidance, or transmission safeguards. Because the content concerns mental-health screening data, omission of handling and disclosure requirements materially increases privacy and compliance risk if deployed as written.

VirusTotal

66/66 vendors flagged this skill as clean.
