open-webui-api Operation Skill

Security checks across malware telemetry and agentic risk

Overview

The skill matches its Open WebUI integration purpose, but it can send API tokens, prompts, and selected files to a hardcoded server if the user does not explicitly set the URL.

Review before installing. Only use this skill with an Open WebUI server you trust, explicitly set OPENWEBUI_URL before running any command, and verify it is not falling back to 192.168.0.176. Treat the API key like a password, prefer a scoped token if available, and upload only files you are comfortable storing and processing in that Open WebUI instance.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The skill explicitly instructs users to configure an Open WebUI URL and API token and to upload documents, but it does not clearly disclose that document contents and queries will be transmitted to whatever server is configured at that URL. This creates a real privacy and security risk because users may unknowingly send sensitive local files or prompts to a remote host, including non-local or untrusted servers.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The manifest explicitly requests an API key and advertises document upload and knowledge-base query capabilities, but it provides no user-facing disclosure about what data will be transmitted to an external Open WebUI service or how the credential will be used. In a skill that can upload documents and query a remote RAG backend, this omission can lead users to unintentionally expose sensitive files or secrets to an external system without informed consent.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The script uploads arbitrary local files to a remote Open WebUI server, but its help text and command flow do not clearly warn users that file contents leave the local machine. This creates a real data-exposure risk because users may upload sensitive documents under the mistaken assumption that processing is local or without appreciating the destination and retention implications.

Missing User Warnings

Severity: Low
Confidence: 88%
Finding
The chat command sends the user's prompt content to the configured Open WebUI endpoint, but the interface does not clearly disclose this remote transmission. While expected for an API client, the lack of explicit notice can still lead to accidental sharing of confidential text with a remote service.

VirusTotal

65/65 vendors flagged this skill as clean.