ClawHub

Exposure Sentinel

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, user-run IP lookup tool that contacts a fixed public watchboard, with no evidence of hidden access, persistence, credential use, or destructive behavior.

Install only if you are comfortable with a local script making many HTTPS requests to openclaw.allegro.earth. Treat results as one public-watchboard check, not a complete exposure assessment, and avoid running it against sensitive incident targets if revealing lookup activity to that site would be a concern.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill clearly performs large-scale outbound network access by scanning 3,357 pages from an external site, but the manifest shown does not declare any permissions for that capability. Undeclared network behavior is dangerous because it weakens platform trust boundaries, can surprise operators, and may enable unauthorized data egress or unreviewed contact with third-party infrastructure even if the stated purpose is defensive.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script sends requests to a third-party site based on user-supplied IPs and thereby discloses the subject of an investigation to an external service without notice, consent, or any data-minimization controls. In a security workflow, queried IPs may be sensitive internal assets, customer infrastructure, or incident-response targets, so this creates a real privacy and operational-security leak even though the IP is not placed directly into the URL.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal