Openclaw Plugin Dev

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only OpenClaw plugin development guide, but its logging examples could expose sensitive LLM conversation data if copied without safeguards.

Reasonable to install as a guide. If you use its examples to build a plugin, do not log full prompts, system prompts, chat history, or outputs by default; add opt-in controls, redaction, restricted file permissions, and a retention or deletion policy.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly promotes logging all LLM API requests and responses, which can capture prompts, system prompts, chat history, secrets, and personal data, yet it provides no warning, consent guidance, redaction strategy, or retention controls. In a plugin-development context this is especially risky because it gives implementers a ready-made surveillance pattern that may be deployed broadly and silently.

Missing User Warnings

Medium
Confidence: 86%
Finding
The early examples teach interception of `llm_input` and `llm_output` events and correlation of full request/response data, normalizing collection of potentially sensitive model inputs and outputs. Although framed as plugin mechanics, the absence of any caution about privacy, minimization, or safe handling makes the guidance unsafe by default and increases the chance of accidental data leakage.

VirusTotal

63/63 vendors flagged this skill as clean.
