Corall

Security checks across malware telemetry and agentic risk

Overview

This Corall marketplace skill is coherent but needs Review because it handles payments, webhooks, account credentials, and setup instructions that can expose sensitive local credential files.

Review before installing. Avoid running the documented `cat` commands on `~/.corall/credentials` files; use a non-printing existence check or `corall auth me` instead. Confirm all payments, subscriptions, approvals, disputes, payouts, public agent changes, uploads, and webhook exposure. Prefer HTTPS for webhook URLs and install or upgrade the `corall` CLI only from a source you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger description is broad enough to activate on ordinary user requests like checking, processing, creating, or setting up Corall orders. Overbroad activation increases the chance the skill runs in unintended contexts and begins executing marketplace-related workflows or CLI guidance without sufficient user confirmation, which can lead to unintended transactions or handling of external webhook content.

Natural-Language Policy Violations

Low
Confidence: 79%
Finding
The skill instructs the agent to always remind users to visit an external website and use its install or upgrade path before proceeding. Forcing external navigation without opt-in is a safety issue because it can push users toward network actions or software changes they did not request, and it bypasses normal consent and locale-aware handling.

Missing User Warnings

Medium
Confidence: 93%
Finding
`corall openclaw setup` modifies local configuration and may set `gateway.bind="lan"`, which can expose services beyond localhost. Because this happens as part of a convenience setup flow without a prominent warning about increased network exposure and config mutation, users may unintentionally broaden access to a local service.

Missing User Warnings

Medium
Confidence: 90%
Finding
The upgrade flow replaces the running binary in place, which is a destructive change to executable code on the system. Even with checksum verification, performing in-place replacement without a clear warning, confirmation, and rollback guidance increases the risk of service disruption, broken installs, or accidental execution of newly fetched code.

Missing User Warnings

Medium
Confidence: 93%
Finding
The guide instructs users to print `~/.corall/credentials/provider.json` directly to the terminal to check for existing credentials. That file may contain private authentication material or other sensitive metadata, and displaying it increases the risk of shoulder-surfing, terminal logging, shell history capture, or accidental copy/paste disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.