anduoduo-openclaw-skill

Security checks across malware telemetry and agentic risk

Overview

The skill's disclosed behavior is largely that of an Anduoduo/OpenClaw reporting helper, but its documentation also covers cloud-account onboarding with raw AK/SK credentials and a broad, automatic report-writing behavior; both need review before installation.

Install only if you intend to use Anduoduo/OpenClaw with a trusted API key. Before use, confirm each API action the agent proposes, do not paste cloud-provider AK/SK pairs unless you deliberately want to onboard that cloud account, issue least-privilege credentials for that purpose, and review generated reports for sensitive account or asset details before sharing or uploading them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

Medium severity, 94% confidence
Finding
The documented API includes a state-changing cloud-account creation capability that is outside the skill's stated analytics, querying, and report-generation purpose. This expands the skill's effective authority from read/report operations into infrastructure onboarding, and raises the chance that an agent could be induced to perform unintended write actions on an external platform.

Context-Inappropriate Capability

High severity, 98% confidence
Finding
The skill documents acceptance and transmission of third-party cloud AK/SK credentials even though its described purpose is analytics and reporting. Handling raw cloud credentials is highly sensitive because an agent or downstream service could store, log, replay, or misuse them, potentially enabling compromise of external cloud accounts beyond the OpenClaw platform itself.

Vague Triggers

Medium severity, 91% confidence
Finding
The invocation criteria are extremely broad and directive-driven, causing the skill to activate for many generic cloud-risk or reporting requests without clear scoping, consent, or disambiguation. In a multi-skill agent, this can misroute user intent, over-collect data, or force a prescribed HTML reporting workflow when a narrower or safer action would be more appropriate.

Natural-Language Policy Violations

Medium severity, 84% confidence
Finding
The README is entirely Chinese and the skill description strongly implies a fixed Chinese interaction style, without stating that output language should follow the user's preference. This can cause unsafe misunderstandings, incorrect interpretation of security findings, or inaccessible responses in multilingual environments, especially when the skill is used for risk reporting and compliance summaries.

Vague Triggers

Medium severity, 89% confidence
Finding
The skill’s activation criteria are extremely broad and include many generic risk-analysis phrases, which can cause the skill to be invoked for loosely related requests. In this context, misrouting is security-relevant because the skill is authorized to handle sensitive cloud-risk data and credentials, so unintended invocation can expand access to secrets and external API actions beyond user intent.

Missing User Warnings

Medium severity, 91% confidence
Finding
The document instructs the agent to transmit highly sensitive cloud credentials without any explicit warning about secrecy, logging exposure, storage, or least-privilege requirements. In an agent context this is dangerous because users may paste real credentials into a workflow framed primarily as data analysis, underestimating the consequences if the agent's transcript, tool logs, or generated reports retain them.

Missing User Warnings

Medium severity, 91% confidence
Finding
The document explicitly instructs the agent to generate and write a fixed HTML report file (`assets/anduoduo_risk_report.html`) for overview-style queries, but provides no safeguard about overwriting an existing file, obtaining user confirmation, or choosing a unique output path. In an agent setting, fixed-path file generation can destroy prior user data or silently modify workspace artifacts, especially because the skill says this behavior is mandatory even when the user did not explicitly request a file.
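A mitigation sketch for the last two findings (credential secrecy and fixed-path overwrite), added here as an illustration and not code from the anduoduo-openclaw-skill or from SkillSpector: the report body is scrubbed of anything that looks like an access key pair before it is written, an existing output path is never reused, the write requires confirmation, and the file is opened with exclusive create so a file that appears between the existence check and the write cannot be truncated. The `LTAI` and `AKID` prefixes and the generic `key: value` matcher are heuristic assumptions about how such credentials appear in free text, not a vendor specification, and the sample report is constructed.

```python
"""Safer report emission for an agent skill: redact cloud credentials from the
report body and never overwrite an existing output file.

Added illustration, not code from the anduoduo-openclaw-skill. The credential
patterns are heuristic assumptions, not a vendor specification."""
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Heuristic patterns for values that must never land in a report (assumptions):
#  - Alibaba Cloud style AccessKey IDs commonly begin with "LTAI"
#  - Tencent Cloud style SecretIds commonly begin with "AKID"
#  - generic "AccessKeySecret: value" / "sk = value" pairs in free text
CREDENTIAL_PATTERNS = [
    re.compile(r"\bLTAI[0-9A-Za-z]{12,}\b"),
    re.compile(r"\bAKID[0-9A-Za-z]{20,}\b"),
    re.compile(
        r"(?i)\b(AccessKeySecret|SecretKey|SecretId|ak|sk)\b\s*[:=]\s*"
        r"[\"']?([A-Za-z0-9/+_\-]{8,})[\"']?"
    ),
]

# Constructed sample report; the key material is fake and only shaped like real values.
SAMPLE_REPORT = """Anduoduo risk overview (constructed sample)
account: LTAI5tExampleKeyId0001
AccessKeySecret: s3cr3tExampleValue12345
Tencent SecretId: AKIDexampleexampleexampleexample12
High-risk assets: 3
"""


def redact_credentials(text: str) -> tuple[str, int]:
    """Return (redacted_text, number_of_replacements). Key names survive, values do not."""
    total = 0
    for pat in CREDENTIAL_PATTERNS:
        if pat.groups:
            text, n = pat.subn(lambda m: f"{m.group(1)}=[REDACTED]", text)
        else:
            text, n = pat.subn("[REDACTED]", text)
        total += n
    return text, total


def unique_report_path(base: Path) -> Path:
    """Return `base` if it is free; otherwise a sibling with a UTC timestamp, never `base` itself."""
    if not base.exists():
        return base
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    candidate = base.with_name(f"{base.stem}_{stamp}{base.suffix}")
    n = 1
    while candidate.exists():
        candidate = base.with_name(f"{base.stem}_{stamp}_{n}{base.suffix}")
        n += 1
    return candidate


def write_report(content: str, base: Path, confirm=lambda path: True) -> Path:
    """Redact, pick a non-clobbering path, ask for confirmation, then create exclusively.

    `confirm` stands in for the agent's user-confirmation step (assumed interface)."""
    redacted, _ = redact_credentials(content)
    target = unique_report_path(base)
    if not confirm(target):
        raise PermissionError(f"user declined writing report to {target}")
    target.parent.mkdir(parents=True, exist_ok=True)
    # mode "x": fail instead of truncating if the file was created since the check above
    with open(target, "x", encoding="utf-8") as fh:
        fh.write(redacted)
    return target


def demo() -> dict:
    """Write the same report twice into a scratch directory and report what happened."""
    with tempfile.TemporaryDirectory() as d:
        base = Path(d) / "assets" / "anduoduo_risk_report.html"
        first = write_report(SAMPLE_REPORT, base)
        second = write_report(SAMPLE_REPORT, base)
        try:
            write_report(SAMPLE_REPORT, base, confirm=lambda p: False)
            declined = False
        except PermissionError:
            declined = True
        return {
            "first": first.name,
            "second": second.name,
            "distinct": first != second,
            "first_content": first.read_text(encoding="utf-8"),
            "declined": declined,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The redaction runs on the report body only; a real skill would apply the same scrubber to anything echoed back into the conversation or tool log, since the finding is about where the credentials end up, not just the HTML file.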

VirusTotal

61/61 vendors flagged this skill as clean.
