ClawHub
Back to skill

Security audit

safeTok ↔ OpenClaw Bridge

Security checks across malware telemetry and agentic risk

Overview

The bridge is purpose-aligned, but its default behavior exposes private DM content in logs and does not implement the documented sender allowlist for controlling who can drive the connected agent.

Install only if you are comfortable running a network bridge with OpenClaw gateway write access. Use a dedicated bot key and limited gateway token, run it in a private environment, avoid centralized logs, and treat the README allowlist advice as not implemented in this version.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README instructs users to retrieve and export a gateway token and a long-lived private key, but it does not clearly warn that these secrets grant control of the OpenClaw gateway and Nostr bot identity. In this bridge context, compromise of either secret could let an attacker impersonate the bot, read or send DMs, or drive the connected agent through the gateway.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The bridge logs decrypted DM plaintext directly to stdout, which exposes sensitive message contents to anyone with access to terminal output, process supervisors, container logs, or centralized log aggregation. Because this skill handles encrypted private DMs, logging the plaintext defeats part of the confidentiality guarantee and increases the blast radius of any host or logging compromise.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The bridge logs assistant reply content before encrypting and sending it, which can leak potentially sensitive generated output into local or centralized logs. In this context, replies may contain private user-derived data or operational information from the OpenClaw session, so logging them creates an avoidable confidentiality exposure.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.