ClawHub

OpenClaw Status API

Security checks across malware telemetry and agentic risk

Overview

This skill is a small status and weather API, but its paid-access and live-status claims do not match the implementation well enough for automatic trust.

Review carefully before installing or deploying. Treat this as unfinished demo code unless you add real x402 verification, choose and verify one payment wallet address, replace hard-coded status data with real monitoring sources, and add appropriate authentication, rate limiting, and privacy controls for any operational telemetry.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The middleware named and documented as enforcing payment never blocks unpaid requests and always calls next(), so all protected endpoints are effectively exposed for free. This is a real access-control and business-logic flaw because any client can bypass the intended paywall and consume the API without providing proof of payment.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The middleware is presented as a payment check for x402-gated APIs, but it unconditionally calls next() and never validates the payment headers. This creates an authorization bypass for any functionality intended to be paywalled, allowing free use of endpoints and undermining the service's access-control and billing model.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill explicitly advertises public endpoints that expose agent status, cron job health, and platform uptime without mentioning authentication, authorization, rate limiting, or privacy safeguards. Even if the data seems low sensitivity, operational telemetry can aid reconnaissance, reveal internal activity patterns, and expose business or infrastructure details to unauthenticated users.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal