Openclaw Eve Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate EVE Online API skill, but it needs review because it stores OAuth tokens and exposes a broad raw API helper that can make token-authorized account changes.

Install only if you are comfortable giving the local agent access to private EVE character data such as wallet, assets, location, mail, contracts, and killmails. Use the minimum EVE SSO scopes needed, avoid granting write scopes unless you intend account changes, do not paste or log printed tokens, and configure Telegram or Discord alerts only for channels you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding: The skill first states that tokens are normally stored in a local plaintext JSON file, then later says tokens should not be stored in plain text and recommends env-var references. Contradictory security guidance can lead users to keep long-lived refresh tokens in an unencrypted local file despite believing they are following secure practice, increasing credential exposure risk on a multi-user host or compromised workstation.

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding: The script exposes a generic raw endpoint mode that accepts arbitrary ESI paths plus POST/PUT/DELETE methods, allowing callers to invoke any token-authorized ESI operation rather than a constrained set of account-management actions. In the context of an agent skill, this materially increases risk because a prompt-influenced agent can be steered into performing unintended state-changing actions such as editing contacts, mail, fittings, or other account-affecting API calls outside the declared scope.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The README documents broad access to sensitive account data including wallet, assets, location, mail, killmails, and notifications, but it does not prominently warn users about the privacy implications of granting these scopes. In a skill that stores long-lived tokens and supports multi-character access, missing consent and privacy guidance increases the risk of over-collection and accidental exposure of highly sensitive player/account data.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding: The documentation shows how to obtain and refresh OAuth tokens but does not warn that access tokens, refresh tokens, authorization codes, and PKCE material can be exposed through shell history, terminal logs, CI logs, screen recordings, or copied command history. In an authentication guide for account-management APIs, that omission is security-relevant because leaked refresh tokens can enable long-lived unauthorized access to EVE account data.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: This reference explicitly instructs use of a bearer token for many authenticated endpoints exposing highly sensitive account and character data, but provides no guidance on token secrecy, scope minimization, storage, redaction, or user-consent boundaries. In an agent skill context, that omission materially increases the chance the agent will over-collect, mishandle, or expose credentials and private gameplay/account data.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding: The reference enumerates multiple state-changing endpoints such as adding/editing/deleting contacts, responding to calendar events, creating/deleting fittings, sending/deleting mail, and organizing labels without any warning that these actions modify user data and may be irreversible or user-visible. In an account-management skill, lack of confirmation and safety guidance can lead an agent to perform destructive or unintended actions on behalf of a user.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: These action paths send bearer tokens to authenticated ESI endpoints that can return sensitive account data such as character location and planetary-management details, yet the code provides no explicit privacy notice, consent checkpoint, or data-minimization guardrail. In an agent setting, users may not realize that highly sensitive gameplay/account telemetry is being transmitted and retrieved, which raises privacy and trust risks even if the destination is the legitimate ESI service.

Credential Access

Severity: High
Category: Privilege Escalation
Content (excerpt from the skill manifest, as quoted by the scanner):
    required: false
    sensitive: true
  - name: EVE_REFRESH_MAIN
    description: "ESI OAuth2 refresh token for automatic access token renewal. Not needed at runtime — scripts auto-manage tokens via ~/.openclaw/eve-tokens.json. Only set as env var if using $ENV: references in your dashboard config."
    required: false
    sensitive: true
  - name: TELEGRAM_BOT_TOKEN
Confidence: 87%
Finding: access token

VirusTotal

65/65 vendors flagged this skill as clean.
