Openclaw Gateway Guardian

Security checks across malware telemetry and agentic risk

Overview

The watchdog code matches its stated purpose, but the package includes under-scoped installation and credential-handling instructions that need careful review before use.

Install only if you intentionally want a local process that can restart your OpenClaw gateway and leave runtime files behind. Do not use the token-in-URL Git examples, review any installer before running it, avoid SYSTEM or boot-start deployment unless necessary, and keep notification tokens/webhooks out of repositories, logs, and screenshots.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
This deployment guide instructs users to run an installation script with PowerShell ExecutionPolicy bypass and to publish the repository publicly, but it does not warn about the security implications of executing privileged/system-changing scripts or exposing operational details. In a security-sensitive gateway guardian skill, these omissions increase the risk that users will make unsafe changes or publish sensitive infrastructure information without review.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The guide instructs users to place authentication tokens directly in command lines and URLs (for both GitHub and ClawHub) without warning that such secrets may be exposed through shell history, process listings, clipboard leakage, logs, screenshots, or terminal recordings. This is a real credential-handling weakness in documentation because it normalizes unsafe secret usage and can lead to account compromise if tokens are copied or reused carelessly.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The README advertises automatic restart, health logging, and Feishu/Telegram/WeChat notifications, but it does not clearly foreground that the skill will create and modify files under ~/.openclaw_guardian and may transmit operational alert data to third-party services. In an agent-skill context, incomplete disclosure can mislead users into enabling monitoring and external notifications without understanding persistence, local state changes, or outbound data flow.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill promotes Feishu, Telegram, and WeChat notifications without warning that service status, timestamps, host details, or failure information may be transmitted to third-party platforms. This can expose operational metadata outside the local environment and create privacy, compliance, or information-leak risks, especially in enterprise deployments.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The skill promotes Feishu, Telegram, and WeChat notifications without warning that service status, timestamps, host details, or failure information may be transmitted to third-party platforms. This can expose operational metadata outside the local environment and create privacy, compliance, or information-leak risks, especially in enterprise deployments.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The document instructs users to embed a GitHub access token directly in a command-line URL. This is dangerous because tokens passed on the command line may be exposed via shell history, process listings, logs, screenshots, or copied terminal transcripts, leading to repository compromise or broader GitHub account abuse depending on token scope.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The document tells users to add webhook/token secrets into a local config file without warning that these are sensitive credentials. In the context of a monitoring/guardian service that runs automatically and may log or be deployed under privileged accounts, storing secrets in plaintext config files can lead to credential leakage through filesystem access, backups, repository commits, or diagnostics.

VirusTotal

65/65 vendors flagged this skill as clean.
