Bounded Memory

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly purpose-aligned, but its optional AI summary mode can send private chat excerpts and broadly sourced API keys to a fixed MiniMax endpoint that is not clearly disclosed.

Review before installing if your OpenClaw sessions may contain secrets, client data, or private prompts. Offline indexing behaves as advertised, but treat the generated sessions.db as sensitive and delete it when no longer needed. Avoid --llm unless you are comfortable sending matched session snippets to MiniMax and have verified which API key the script will use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 87%
Finding: The script copies full user/assistant session content, including tool-call command snippets, into a local SQLite FTS database without any notice, consent flow, minimization, or safeguards around sensitive data handling. Because session logs can contain credentials, secrets, personal data, or proprietary prompts, indexing them into a separate searchable store increases exposure and retention risk if the database is accessed by other local users, included in backups, or exfiltrated.

External Transmission

Medium
Category: Data Exfiltration
Content:
return None, "⚠️  No API key found. Skipping summary."

    # MiniMax compatible OpenAI endpoint
    BASE_URL = "https://api.minimax.chat/v1"
    MODEL = "MiniMax-M2.7"

    prompt = f"""User asked: "{query}"
Confidence: 96%
Finding: https://api.minimax.chat/

VirusTotal

67/67 vendors flagged this skill as clean.
