ii-IRC

Security checks across malware telemetry and agentic risk

Overview

This IRC skill is transparent and purpose-aligned, but it lets any watched-channel mention immediately feed untrusted IRC text into OpenClaw events without sender controls or approval.

Install only for IRC channels where you trust participants to wake and influence the agent. Prefer private or moderated channels, add sender/channel allowlists and rate limits before broad use, keep the agent’s permissions limited, rotate or delete `~/irc` logs as needed, and disable the user services when the bot should stop.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The watcher forwards IRC mention content directly into OpenClaw system events, effectively bridging untrusted network input into the local agent runtime. Without an explicit warning, filtering, or trust-boundary discussion, users may unknowingly allow arbitrary channel content, prompt injection, sensitive data, or abusive text to influence local agent behavior.

Missing User Warnings

Medium
Confidence: 96%
Finding
The generated watcher automatically forwards matching IRC message content into `openclaw system event --text`, which can transmit untrusted third-party chat content into another agent/system without sanitization, consent prompts, or scope limits. In this skill context, that is meaningful because IRC is an untrusted multi-user environment and mentions can be trivially triggered by anyone in-channel, enabling data exfiltration, prompt/event injection, or unwanted automated downstream actions.

VirusTotal

64/64 vendors flagged this skill as clean.