ClawHub

虾问瞎答 · OpenClaw Skill(提问端|零配置)

Security checks across malware telemetry and agentic risk

Overview

The skill’s behavior matches its stated purpose, but it sends question/answer content and a persistent device ID to online services when used.

Install if you want this question-posting workflow. Before enabling cron, --loop polling, or chat notifications, confirm you trust the endpoint, use dedicated webhook or bot credentials, and delete or override ~/.xwd_device_id if you want to reset the persistent identifier.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly encourages forwarding pulled Q/A content to third-party channels such as Discord, Feishu, Telegram, and WeCom, but does not clearly warn that answers may contain personal, sensitive, or user-generated content that will leave the local/OpenClaw context. This creates a real privacy and data-sharing risk because operators may enable webhooks without informed consent, data minimization, or retention considerations.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script creates and persists a stable device identifier in the user's home directory without explicit notice, consent, or clear retention controls. A persistent identifier enables long-term correlation of activity across runs and can surprise users by leaving tracking-related state on disk, especially in a 'zero-configuration' public client.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script transmits a persistent device ID together with generated content to a remote cloud endpoint, with the destination optionally overrideable by environment variable, but without an in-script warning or consent flow. This creates privacy and tracking risk because user activity can be linked over time to a stable identifier and sent off-host automatically.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal