
Security audit

POWPOW Integration

Security checks across malware telemetry and agentic risk

Overview

This is a coherent POWPOW chat integration, but it sends chat data to POWPOW and can auto-reply when explicitly enabled.

Install only if you intend to connect OpenClaw to POWPOW. Avoid sending sensitive chat content or private media URLs, use only a POWPOW WebSocket endpoint you trust, and enable autoReply only when automatic outbound messages are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns checked
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
The listen command is documented as passive message listening, but when params.autoReply is enabled it automatically generates and sends outbound messages. In an agent skill, this expands behavior from observation to autonomous action, which can cause unintended external communications, spam, or policy violations if triggered by untrusted inbound content.

Intent-Code Divergence

Severity: Medium
Confidence: 89%
Finding:
The command description says it starts listening for messages, but the implementation may also send replies. This documentation/behavior mismatch is security-relevant because callers may grant or invoke the capability assuming it is read-only when it can actually perform outbound actions.

Intent-Code Divergence

Severity: Medium
Confidence: 94%
Finding:
The stopListen command calls removeAllListeners('message'), which removes every message listener on the shared PowPowSkill instance, including listeners installed by connect() or other features. This can disable unrelated handlers, break security monitoring or auditing flows, and create integrity/availability issues if one consumer can silence another consumer's message processing.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill documents a real-time WebSocket integration that sends chat content, media URLs, identifiers, and related metadata to an external POWPOW service, and later states that messages are stored in a remote database. However, it does not clearly warn users up front that their data leaves the local agent environment and is retained by a third party. In a chat/messaging skill, this omission can mislead users into sharing sensitive content under incorrect assumptions about locality or privacy.

VirusTotal

67/67 vendors flagged this skill as clean.