ClawHub

Closeli Open Device List Query

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Closeli device-list helper that uses an API key to fetch device names and identifiers, with configuration risks users should manage.

Install only if you trust the Closeli gateway configuration. Keep AI_GATEWAY_VERIFY_SSL enabled, verify AI_GATEWAY_HOST before running, use a least-privilege API key, and restrict ~/.openclaw/.env permissions because any skill running as the same user may be able to read that shared credential file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares file and network capabilities in prose/metadata but does not use an explicit permissions model, which weakens review and enforcement. This increases the chance that a skill with access to shared credentials and outbound network access operates with more privilege than is transparently declared to users or the platform.

Credential Access

High
Category
Privilege Escalation
Content
openclaw:
    requires:
      bins: ["python3"]
      configPaths: ["~/.openclaw/.env"]
    primaryEnv: "AI_GATEWAY_API_KEY"
---
Confidence
95% confidence
Finding
.env"

Session Persistence

Medium
Category
Rogue Agent
Content
### Configuration Source

The script reads `~/.openclaw/.env` as the single persistent configuration source. This file is shared by all skills and uses the format `KEY=VALUE` (one entry per line). OpenClaw clients write to this file when the user updates settings. The script does NOT read any `AI_GATEWAY_*` environment variables — env variables are intentionally ignored to avoid stale Gateway-process snapshots overriding the user's latest config.

## Security Notes
Confidence
89% confidence
Finding
write to this file when the user updates settings. The script does NOT read any `AI_GATEWAY_*` environment variables — env variables are intentionally ignored to avoid stale Gateway-process snapshots

Unsafe Defaults

Medium
Category
Tool Misuse
Content
def get_verify_ssl(env_vars):
    """
    判断是否启用 TLS 证书验证。默认启用。
    仅当 ~/.openclaw/.env 中显式设置 AI_GATEWAY_VERIFY_SSL=false 时禁用(仅开发环境)。
    """
    val = env_vars.get("AI_GATEWAY_VERIFY_SSL", "true").lower()
    return val not in ("false", "0", "no")
Confidence
91% confidence
Finding
VERIFY_SSL=false

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal