Openclaw Aligenie Genie

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Tmall Genie bridge, but it asks users to expose a sensitive agent-control service in ways that need careful review before installation.

Install only if you control and can review the server side. Replace public HTTP with HTTPS, restrict firewall access to trusted sources or a VPN, protect and rotate API keys, avoid plaintext key files, and understand that Tmall Genie messages and related metadata will pass through the configured cloud server.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding: The skill documentation and examples show use of environment variables, API keys, and outbound network communication to a cloud server, but no explicit permission declaration or trust boundary information is present. This can mislead operators about what the skill accesses and transmits, increasing the risk of unintended secret exposure or unauthorized external communication.

Missing User Warnings

Severity: High
Confidence: 97%
Finding: The deployment guide explicitly recommends allowing TCP/58472 from 0.0.0.0/0 for the HTTP API, which exposes the service to the entire internet without any warning or compensating controls. In the context of an agent bridge that handles account, device, and API key operations, public exposure significantly increases the chance of unauthorized access, brute force attempts, endpoint probing, and abuse of any implementation flaws.

Missing User Warnings

Severity: High
Confidence: 99%
Finding: The guide publishes a real public IP address and demonstrates authenticated API usage over plain HTTP with an X-Api-Key header, which allows credentials and sensitive requests to be intercepted by anyone on the network path. Because this skill is for bidirectional communication between OpenClaw and Tmall Genie, compromise of the API key or session traffic could let an attacker enumerate devices, issue commands, or impersonate trusted components.

Vague Triggers

Severity: Medium
Confidence: 85%
Finding: The activation conditions are broad, including any time a user wants to communicate with Tmall Genie, receive messages, configure connectivity, or process incoming instructions. Ambiguous trigger boundaries can cause the skill to activate in unintended contexts, potentially forwarding sensitive content or executing external commands without clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The documentation instructs users to configure a cloud server URL, API key, agent ID, registration session key, heartbeat loop, and polling loop, but does not provide prominent warnings about data transmission, retention, or third-party handling. Because this skill is specifically designed for bidirectional cloud communication, missing disclosure makes accidental transmission of user messages or operational metadata more likely.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The spec shows a CLI configuration file storing a live API key in plaintext on disk. If that file is readable by other local users or malware, captured in backups, or accidentally committed or shared, the key can be used to access management APIs and perform actions as that user.

VirusTotal

VirusTotal findings are pending for this skill version.
