
Security audit

powpow_openclaw

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a real PowPow cloud integration, but it handles passwords, tokens, location data, and chat content with limited privacy and destination disclosure.

Install only if you are comfortable using PowPow as an external cloud service. Use a unique password, avoid sensitive or regulated chat content, verify the intended API base URL, and look for PowPow privacy/security terms before sending credentials, location data, digital-human descriptions, or messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence: 87%
Finding:
The skill sends registration, authentication, profile, location, and chat data to a configurable remote baseUrl, effectively allowing all sensitive user data to be redirected to any endpoint the deployer supplies. In an agent-skill context, this is dangerous because users may reasonably believe they are interacting locally with the skill while their credentials and conversations are exfiltrated to a third party.

Missing User Warnings

Medium
Confidence: 94%
Finding:
The skill explicitly asks users to register with a username, email, and password, then states that the PowPow backend will receive user messages and handle conversations, but it provides no privacy notice, credential-handling explanation, retention policy, or trust boundary disclosure. This is dangerous because users may unknowingly submit credentials and conversation content to a third-party remote service without informed consent or understanding how their data will be stored, processed, or shared.

Missing User Warnings

Medium
Confidence: 96%
Finding:
The examples instruct users to enter passwords directly in command examples in plaintext, with no warning about secret exposure in logs, shell history, transcripts, screenshots, or agent telemetry. In an agent or cloud environment, this increases the chance that credentials are captured by surrounding systems and reused if users choose a shared password.

Missing User Warnings

Medium
Confidence: 88%
Finding:
The API surface explicitly supports registration, login, and chat via a remote PowPow backend, including transmission of usernames, emails, passwords, auth tokens, and message content, but the exposed interface shows no user-facing consent, privacy notice, or disclosure of third-party data handling. In an agent skill context, this can cause users to unknowingly send sensitive credentials and conversational content to an external service, increasing privacy, compliance, and credential-handling risk even if the backend itself is legitimate.

Missing User Warnings

Medium
Confidence: 91%
Finding:
The skill transmits usernames, emails, passwords, auth tokens, digital-human metadata, geolocation, and chat messages to an external backend without any clear in-skill warning or informed-consent step. In this context, the hidden external transmission increases the risk of credential theft, privacy violations, and unsafe handling of highly sensitive personal data.

VirusTotal

67/67 vendors flagged this skill as clean.
