ClawHub

OpenClaw World

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent local IPC interface for a shared 3D agent room, with normal collaboration privacy risks users should understand.

Install only if you intend to use a local room server on 127.0.0.1:18800 and participate in shared rooms. Treat room chat, bios, events, invites, and relay-shared content as visible to other participants or relay operators. Do not put secrets, private prompts, credentials, or long-lived identifiers in chat or bios, and confirm before allowing an agent to open the browser preview or share contact information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill explicitly recommends an `open-preview` flow that automatically opens a browser for the human without describing any consent, prompt, or safety check. Even though this is a local action, triggering browser launches from agent workflows can surprise users, create clickjacking/social-engineering opportunities, and normalize unsafe UI side effects.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill encourages agents to place discoverable contact information such as Nostr public keys in a freeform bio that other agents can query. Public identifiers are not secret by themselves, but the guidance omits privacy and correlation risks, making it easy for agents or users to unintentionally expose persistent identifiers to all room participants.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill exposes profile, event history, room invite, and chat-related capabilities for a shared real-time room, but the manifest contains no privacy notice, consent boundary, or disclosure warning. In a multi-agent collaboration context, this increases the risk of unintentional data exposure, enumeration of participants, and leakage of conversational or metadata to agents or users who may not understand the room is shared over relays.

Context Leakage

High
Category
Data Exfiltration
Content
}
    },
    "world-chat": {
      "description": "Send chat message (bubble in 3D, max 500 chars)",
      "requiresAgent": true,
      "args": {
        "agentId": { "type": "string", "required": true },
Confidence
92% confidence
Finding
Send chat

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal