Claude Code CLI for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Claude Code CLI integration that is powerful and credential-sensitive, but the artifacts do not show hidden exfiltration, deception, or malicious behavior.

Install only if you intend to let OpenClaw agents use Claude Code on your projects. Protect the Claude OAuth token like a paid-account credential, avoid system-wide storage where possible, keep config.patch and shell files private, review diffs and run tests before commits or pushes, and verify the npm package/version in controlled environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 81%
Finding
The documentation appears internally inconsistent about what `claude --print` does and whether approval gates apply. If operators believe `--print` is inherently safe or non-modifying when it may still drive impactful automation in surrounding workflows, they can run tasks with weaker review controls and unintentionally apply risky changes.

Missing User Warnings

Medium
Confidence: 91%
Finding
The README includes a workflow that ends with `git push origin agent/remove-banner` after automated code changes, but it does not explicitly instruct users to review, validate, or obtain approval before publishing. In an agent skill context, this can normalize unattended propagation of AI-generated or compromised changes to a remote repository, increasing the chance of accidental release of unsafe code or secrets.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill instructs users to place a long-lived OAuth token directly into `~/.openclaw/config.patch`, which can persist plaintext secrets on disk and potentially be copied into backups, logs, support bundles, or source control by mistake. Because the token is valid for an extended period and grants access to a paid Claude account, disclosure could enable unauthorized usage and account abuse.

VirusTotal

66/66 vendors flagged this skill as clean.
