Closeli Open Device Live Query

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed device-list lookup that uses a local API key and a single documented network endpoint, with no artifact-backed evidence of hidden or destructive behavior.

Install only if you intend to let this skill query your Closeli device list. Use a least-privilege API key, keep ~/.openclaw/.env restricted to the OpenClaw service user, verify AI_GATEWAY_HOST is the expected Closeli endpoint, and do not disable TLS verification outside development.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill declares runtime requirements and clearly performs file reads from `~/.openclaw/.env` plus outbound network calls, but it does not declare corresponding permissions in a dedicated permissions model. This creates a transparency and policy-enforcement gap: users or the platform may not realize the skill can access shared credentials and external endpoints, making abuse or overreach harder to detect.

Credential Access

High
Category
Privilege Escalation
Content
openclaw:
    requires:
      bins: ["python3"]
      configPaths: ["~/.openclaw/.env"]
    primaryEnv: "AI_GATEWAY_API_KEY"
---
Confidence
95% confidence
Finding
.env"

Session Persistence

Medium
Category
Rogue Agent
Content
### Configuration Source

The script reads `~/.openclaw/.env` as the single persistent configuration source. This file is shared by all skills and uses the format `KEY=VALUE` (one entry per line). OpenClaw clients write to this file when the user updates settings. The script does NOT read any `AI_GATEWAY_*` environment variables — env variables are intentionally ignored to avoid stale Gateway-process snapshots overriding the user's latest config.

## Security Notes
Confidence
87% confidence
Finding
write to this file when the user updates settings. The script does NOT read any `AI_GATEWAY_*` environment variables — env variables are intentionally ignored to avoid stale Gateway-process snapshots

VirusTotal

65/65 vendors flagged this skill as clean.
