agent-manager

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned for managing OpenClaw agents, but it handles live Matrix credentials and persistent configuration changes with weak safeguards.

Review this skill before installing. Use it only with a disposable or backed-up OpenClaw configuration, avoid shared terminals and CI logs, do not rely on CONFIG_PATH until the scripts are fixed to honor it consistently, prefer HTTPS homeservers, and rotate any generated Matrix password or token after setup.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (5)

Missing User Warnings

Medium (95% confidence)
Finding
The skill describes registering Matrix accounts and handling access tokens, including printing tokens in command output and storing them in configuration, but provides no warning about secret exposure, logging, shell history, or persistent credential storage. This can lead to credential leakage, account compromise, and unauthorized messaging if users paste commands, save outputs, or commit configs inadvertently.

Missing User Warnings

High (97% confidence)
Finding
This script accepts Matrix access tokens on the command line and persists them into a JSON configuration file in plaintext. That is dangerous because command-line arguments may be exposed through shell history or process listings, and plaintext token storage increases the chance of credential theft leading to account compromise and unauthorized messaging activity.

Missing User Warnings

High (98% confidence)
Finding
The script prints the Matrix user ID and access token directly to stdout, which can expose credentials to terminal history, logs, process supervisors, CI/CD output, or calling programs that capture stdout. In an agent-management context, these tokens likely grant authenticated access to Matrix accounts and could be reused for impersonation or unauthorized messaging.

Missing User Warnings

High (99% confidence)
Finding
The default homeserver URL uses plain HTTP (http://localhost:8008), so usernames, passwords, and resulting access tokens are transmitted without transport encryption. Even if intended for local development, this is unsafe in containerized, proxied, or misconfigured environments where traffic may cross network boundaries or be observable by other local users/processes.

Missing User Warnings

High (95% confidence)
Finding
The script captures a Matrix access token and persists it into a configuration file without any visible permission hardening, secure secret storage, or warning about credential sensitivity. If the config file is readable by other local users, checked into backups, or mishandled operationally, the token can be reused to impersonate the agent account and access Matrix resources.

VirusTotal

66/66 vendors flagged this skill as clean.
