ClawHub

Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Claude API monitoring tool that stores local tokens, installs scheduled checks, and sends Telegram alerts for its stated purpose.

Install only if you are comfortable storing Telegram and OpenClaw gateway tokens in a local owner-only env file and running cron checks every 15 minutes. Use a dedicated Telegram bot/chat if possible, avoid exposing the gateway token command output, review your crontab after setup, and run the uninstall option when you no longer want monitoring.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation describes capabilities including environment-variable access, file read/write, shell execution, network access, and cron-based persistence, yet no explicit permissions are declared in the manifest. This creates a transparency and review gap: users may install a skill with broader operational reach than expected, increasing the chance of unnoticed token access, outbound communication, and persistent scheduled execution.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The setup section says the script installs cron jobs and runs checks, but it does not prominently warn users up front that installation creates recurring background tasks and transmits data to external services including Telegram and Claude-related endpoints. This is primarily a consent and transparency issue that can lead to unexpected persistence and network egress after setup.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script writes the Telegram bot token and OpenClaw gateway token to a plaintext env file on disk without clearly warning the user beforehand. Even with mode 600, local secret storage increases exposure to accidental backup leakage, local compromise, or later unintended disclosure by the user or other tools.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The setup automatically sends a test message to Telegram using user-provided bot and chat metadata without obtaining explicit consent immediately beforehand. This causes external transmission of configuration-derived data and may surprise users who did not expect network communication during setup.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal