ClawHub

Dashboard

Security checks across malware telemetry and agentic risk

Overview

This dashboard has a coherent monitoring purpose, but it exposes token fragments, logs, task controls, and a privileged ZeroTier action through an unauthenticated service reachable on all network interfaces.

Review before installing. Avoid the quick install commands unless you fully trust the remote repository and are comfortable granting administrator privileges. If installed, bind the dashboard to localhost or protect it with firewall/authentication, remove token display, and understand that it creates a persistent service and can change ZeroTier/task state from the web UI.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (18)

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code reads provider API keys from a local OpenClaw config and renders masked key material plus provider/base URL details into an unauthenticated HTTP dashboard. Even partially masked secrets and associated metadata materially aid credential discovery, targeting, and inventorying, and the same page also exposes a gateway token snippet elsewhere, making this a real credential exposure issue.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The dashboard exposes a POST endpoint that can trigger `sudo zerotier-cli leave ...`, allowing remote network reconfiguration through the web server. Because the server listens on `0.0.0.0` and has no authentication or CSRF protection, an attacker on the network could disconnect the host from its ZeroTier network and cause denial of service or loss of remote management.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The server executes shell commands to read journal and system log data, then exposes selected entries over HTTP to any client. System logs often contain usernames, hostnames, paths, service behavior, and occasionally secrets or operational details that help an attacker enumerate the environment and plan follow-on attacks.

Intent-Code Divergence

Medium
Confidence
93% confidence
Finding
The script presents itself as a dashboard installer but also installs ZeroTier and creates a persistent systemd service, which materially expands system capabilities and persistence beyond the stated purpose. Hidden network-enablement and persistence in an installer are dangerous because users may grant elevated privileges without understanding the full behavioral scope.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Installing ZeroTier is not justified by the visible purpose of installing a local dashboard and introduces remote-networking capability on the host. Adding a mesh/VPN-style component increases attack surface and can enable unintended connectivity or remote access pathways if misconfigured or later abused.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The README instructs users to fetch a remote script over the network and immediately execute it with elevated privileges via `sudo bash`. This creates a direct remote code execution path where a compromised repository, account, branch, or transport endpoint could execute arbitrary root-level commands on the host without giving the user a chance to inspect the script.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The Windows instructions tell users to run a downloaded PowerShell script with `-ExecutionPolicy Bypass`, defeating a built-in safeguard meant to reduce accidental execution of untrusted scripts. If the remote script is altered or replaced, users will run arbitrary code with administrative context and reduced policy protections.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill documents destructive queue actions such as completing the current task and clearing the queue, including POST API endpoints, without any warning, confirmation, authorization, or safety guidance. In a dashboard that centralizes operational controls, this increases the risk of accidental or unauthorized task loss, especially if users treat the interface as safe by default.

Missing User Warnings

High
Confidence
99% confidence
Finding
This code accesses local credential material from `~/.openclaw/openclaw.json` and presents it in the dashboard without any access controls or clear disclosure. Even though the keys are truncated, exposing secret fragments and provider mappings is sensitive and unnecessary for a generic dashboard, especially since the service is network-accessible.

Missing User Warnings

High
Confidence
99% confidence
Finding
The HTML generation directly reads the gateway auth token from the OpenClaw config and displays the first 12 characters in the page. Partial token disclosure still leaks sensitive material and confirms token presence and format to any party that can access the dashboard.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The server performs a privileged ZeroTier leave action with only a generic client-side confirmation message and no meaningful disclosure, authorization, or audit trail. In practice, this means any caller who can reach the endpoint can trigger a disruptive system change without informed consent or accountability.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The installer performs privileged filesystem changes under /opt and later installs a system service without an explicit warning or confirmation. Silent privileged modification is risky because users may not realize they are authorizing persistent root-level changes to system state.

Missing User Warnings

High
Confidence
97% confidence
Finding
The script executes remote content from Nodesource directly via curl-pipe-to-shell, which allows arbitrary code from a remote endpoint to run immediately on the host. If that endpoint, transport, or dependency chain is compromised, the installer becomes a direct remote code execution path.

Missing User Warnings

High
Confidence
99% confidence
Finding
The ZeroTier install step pipes a remote script directly into sudo bash, combining unaudited remote code execution with root privileges. This is especially dangerous because compromise of the remote script source yields immediate privileged execution and full-host takeover potential.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The installer performs privileged writes into /usr/local and installs a user LaunchAgent without clearly informing the user that persistent system changes and a background service are being created. This is dangerous because it increases the chance that users authorize elevated operations without understanding that remote-fetched code will be installed persistently and run later.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script executes a remote Homebrew installation command directly from curl output via /bin/bash. Piping network-fetched code into a shell is dangerous because any compromise of the upstream source, TLS interception failure, or unexpected content change leads to immediate arbitrary code execution on the host.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The installer clones code from a remote repository and copies it into a persistent installation directory with sudo, but does not pin a commit, verify provenance, or clearly warn the user. This is dangerous because the installed application contents are entirely controlled by the current state of the remote repository at install time.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script creates and loads a LaunchAgent configured with RunAtLoad and KeepAlive, causing the application to auto-start and persist across logins without a prominent warning. Persistence mechanisms are sensitive because they can conceal long-running behavior from users and make removal harder if the installed code is later found unsafe.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal