Credential Access
High
- Category
- Privilege Escalation
- Content
openclaw: requires: bins: ["python3"] configPaths: ["~/.openclaw/.env"] primaryEnv: "AI_GATEWAY_API_KEY" ---- Confidence
- 85% confidence
- Finding
- .env"
Closeli Open Device status Query
Security checks across malware telemetry and agentic risk
Overview
This skill appears to do the disclosed job of checking Closeli device status, but it handles an API key and device metadata so users should keep the configuration locked down.
Install only if you trust the Closeli gateway configuration. Keep ~/.openclaw/.env permission-restricted, use a least-privilege API key, avoid passing keys on the command line, leave TLS verification enabled, and verify AI_GATEWAY_HOST before running the skill.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Tool MisuseTool Parameter Abuse, Chaining Abuse, Unsafe Defaults
- Rogue AgentSelf-Modification, Session Persistence
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)
Credential Access
High
- Category
- Privilege Escalation
- Content
def get_api_host(env_vars): """ 获取网关地址:~/.openclaw/.env 中的 AI_GATEWAY_HOST,未配置则用默认值。 """ host = env_vars.get("AI_GATEWAY_HOST") return host.rstrip("/") if host else DEFAULT_API_HOST- Confidence
- 84% confidence
- Finding
- .env
Credential Access
High
- Category
- Privilege Escalation
- Content
def get_verify_ssl(env_vars): """ 判断是否启用 TLS 证书验证。默认启用。 仅当 ~/.openclaw/.env 中显式设置 AI_GATEWAY_VERIFY_SSL=false 时禁用(仅开发环境)。 """ val = env_vars.get("AI_GATEWAY_VERIFY_SSL", "true").lower() return val not in ("false", "0", "no")- Confidence
- 93% confidence
- Finding
- .env
Credential Access
High
- Category
- Privilege Escalation
- Content
def main(): parser = argparse.ArgumentParser(description="查询设备状态") parser.add_argument("--api-key", help="API Key 临时覆盖;持久化请写到 ~/.openclaw/.env") parser.add_argument("--device-ids", required=True, help="设备 ID 列表,逗号分隔") args = parser.parse_args()- Confidence
- 78% confidence
- Finding
- .env"
Session Persistence
Medium
- Category
- Rogue Agent
- Content
### Configuration Source The script reads `~/.openclaw/.env` as the single persistent configuration source. This file is shared by all skills and uses the format `KEY=VALUE` (one entry per line). OpenClaw clients write to this file when the user updates settings. The script does NOT read any `AI_GATEWAY_*` environment variables — env variables are intentionally ignored to avoid stale Gateway-process snapshots overriding the user's latest config. ## Security Notes
- Confidence
- 83% confidence
- Finding
- write to this file when the user updates settings. The script does NOT read any `AI_GATEWAY_*` environment variables — env variables are intentionally ignored to avoid stale Gateway-process snapshots
Unsafe Defaults
Medium
- Category
- Tool Misuse
- Content
def get_verify_ssl(env_vars): """ 判断是否启用 TLS 证书验证。默认启用。 仅当 ~/.openclaw/.env 中显式设置 AI_GATEWAY_VERIFY_SSL=false 时禁用(仅开发环境)。 """ val = env_vars.get("AI_GATEWAY_VERIFY_SSL", "true").lower() return val not in ("false", "0", "no")- Confidence
- 95% confidence
- Finding
- VERIFY_SSL=false
VirusTotal
65/65 vendors flagged this skill as clean.