Vault-0: Agent Security, Monitor & x402 Wallet for OpenClaw

Security checks across malware telemetry and agentic risk

Overview

Vault-0 is coherently described as a local security tool, but it asks users to install the latest unnotarized desktop app release from GitHub, which will handle API keys, agent activity, and optional wallet material.

Review before installing. Only proceed if you trust the publisher and GitHub release process, verify the DMG hash independently, consider building from source, and back up your OpenClaw .env and vault data before hardening or uninstalling. Treat wallet features and monitoring as sensitive local access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Description-Behavior Mismatch

Low
Confidence
95% confidence
Finding
The metadata claims installation only downloads a DMG from GitHub releases, but the documented flow also calls the GitHub API to resolve the latest version and asks the user to verify hashes against the release page. This is a documentation/security-disclosure mismatch rather than direct exploitation, but it can mislead users about the actual network exposure during install.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The install command mounts a disk image, copies an app bundle into /Applications, detaches the volume, and deletes the downloaded DMG, all in one chained command without an explicit warning that it modifies the system. This increases the risk of users approving impactful filesystem changes without informed consent or an opportunity to inspect each step.

Missing User Warnings

High
Confidence
96% confidence
Finding
The uninstall section provides multiple rm -rf commands that irreversibly delete the app and associated data directories, but it lacks a strong caution about permanent data loss. In a skill context, users may copy-paste these commands without realizing they will remove the encrypted vault, policies, and local state.

Tool Parameter Abuse

High
Category
Tool Misuse
Content
## Step 4: Install

```bash
hdiutil attach /tmp/Vault-0.dmg -nobrowse && cp -R "/Volumes/Vault-0/Vault-0.app" /Applications/ && hdiutil detach "/Volumes/Vault-0" && rm /tmp/Vault-0.dmg && echo "Vault-0 installed to /Applications"
```

## Step 5: Launch
Confidence
83% confidence
Finding
rm /tmp/Vault-0.dmg && echo "Vault-0 installed to /Applications" ``` ## Step 5: Launch ```bash open /Applications/Vault-0.app ``` Vault-0 will open and automatically detect your OpenClaw installati

Tool Parameter Abuse

High
Category
Tool Misuse
Content
## Step 4: Install

```bash
hdiutil attach /tmp/Vault-0.dmg -nobrowse && cp -R "/Volumes/Vault-0/Vault-0.app" /Applications/ && hdiutil detach "/Volumes/Vault-0" && rm /tmp/Vault-0.dmg && echo "Vault-0 installed to /Applications"
```

## Step 5: Launch
Confidence
83% confidence
Finding
rm /tmp/Vault-0.dmg && echo "Vault-0 installed to /

Tool Parameter Abuse

High
Category
Tool Misuse
Content
To completely remove Vault-0:

```bash
rm -rf /Applications/Vault-0.app
rm -rf ~/Library/Application\ Support/Vault0
rm -rf ~/.config/vault0
```
Confidence
97% confidence
Finding
rm -rf /Applications/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```bash
rm -rf /Applications/Vault-0.app
rm -rf ~/Library/Application\ Support/Vault0
rm -rf ~/.config/vault0
```
Confidence
97% confidence
Finding
rm -rf ~/Library/Application\ Support/

Tool Parameter Abuse

High
Category
Tool Misuse
Content
```bash
rm -rf /Applications/Vault-0.app
rm -rf ~/Library/Application\ Support/Vault0
rm -rf ~/.config/vault0
```

This removes the app, encrypted vault, and policy files. Wallet keys in macOS Keychain must be removed separately via Keychain Access (service: vault0-wallet).
Confidence
97% confidence
Finding
rm -rf ~/.config/

VirusTotal

66/66 vendors flagged this skill as clean.
