ClawHub

Gateway Token Doctor

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate token-repair purpose, but its workflow can expose live gateway tokens and persist them in a way its own safety guidance says to avoid.

Review carefully before installing or using. Do not run the token-printing lines as written, do not paste outputs into shared chats or logs, back up the OpenClaw config and gateway startup script before changes, and rotate the gateway token if it has already been printed or shared.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The audit step prints the full gateway tokens from config and environment directly to console output, which contradicts the skill's own privacy guidance and can expose secrets through terminal history, logs, screenshots, CI captures, or session transcripts. Because this skill is specifically about authentication token repair, the exposed values are high-value credentials that could be reused to access the gateway or impersonate trusted components.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The fix step writes the token into a service startup script even though the privacy guidance says tokens should be stored only in config files. Persisting a secret in an additional script broadens exposure through file reads, backups, source control accidents, process inspection, and weaker filesystem permissions, increasing the attack surface for credential theft.

Missing User Warnings

High
Confidence
99% confidence
Finding
This example explicitly outputs complete token values despite the stated rule to never log tokens and only show redacted values. In practice, command output is often captured by shells, remote support tools, monitoring systems, and shared terminals, so this creates a direct secret disclosure path during routine troubleshooting.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal