OpenClaw JSON Editing Masterclass

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only OpenClaw JSON configuration skill whose sensitive examples are disclosed and mostly fit its config-editing purpose.

Install only if you want help editing OpenClaw configuration files. Run overwrite, audit, and provider-test commands deliberately, keep backups, avoid hardcoded secrets, and do not share command output that may contain tokens or API keys.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill is nominally about JSON editing, but it instructs users to make live outbound API calls to third-party providers to enumerate models. That expands the skill's operational scope, can cause unreviewed network egress, and encourages use of bearer tokens in shell commands where they may be exposed via history, logs, or operator misuse.

Context-Inappropriate Capability

Medium
Confidence
84% confidence
Finding
Commands for listing models and testing providers go beyond offline JSON manipulation and into live remote interaction with configured services. In a JSON editing skill, this can normalize unsafe execution of networked commands and blur the boundary between local config editing and external service access.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documented jq pipeline writes a modified config to a temporary file and then moves it over the user's real configuration without an adjacent warning about destructive modification. Users may copy-paste this and accidentally overwrite important settings or corrupt active configuration state.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The examples send bearer tokens to external endpoints but do not explicitly warn that credentials are being transmitted off-host to third-party APIs. This increases the chance that operators reveal sensitive tokens during routine use without understanding the network and credential-handling implications.

External Transmission

Medium
Category
Data Exfiltration
Content
# xAI example - requires XAI_API_KEY
XAI_API_KEY="your-key"
curl -s -H "Authorization: Bearer $XAI_API_KEY" \
  https://api.x.ai/v1/models | jq '.data[] | {id: .id, name: .object}'

# OpenAI example
curl -s -H "Authorization: Bearer $OPENAI_API_KEY" \
Confidence
87% confidence
Finding
https://api.x.ai/

External Transmission

Medium
Category
Data Exfiltration
Content
# OpenAI example
curl -s -H "Authorization: Bearer $OPENAI_API_KEY" \
  https://api.openai.com/v1/models | jq '.data[] | select(.id | contains("gpt")) | .id'

# Together AI example
curl -s -H "Authorization: Bearer $TOGETHER_API_KEY" \
Confidence
87% confidence
Finding
https://api.openai.com/

External Transmission

Medium
Category
Data Exfiltration
Content
# Together AI example
curl -s -H "Authorization: Bearer $TOGETHER_API_KEY" \
  https://api.together.xyz/v1/models | jq '.[] | {id: .id, name: .display_name}'
```

### Provider Configuration Schema
Confidence
86% confidence
Finding
https://api.together.xyz/

Env Variable Harvesting

High
Category
Data Exfiltration
Content
# Deep search for all API keys (for audit)
jq '.. | objects | .apiKey? // .token? // .password? | select(.)' ~/.openclaw/config.json

# Collect all environment variable references
jq -r '.. | strings | select(contains("${"))' ~/.openclaw/config.json

# Validate JSON structure (returns true/false)
Confidence
71% confidence
Finding
Collect all environment variable

VirusTotal

64/64 vendors flagged this skill as clean.
