ClawHub

dxh141130

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-built for WPS timeclock automation, but it can use saved credentials to change payroll-relevant time records with weak user-control safeguards.

Review carefully before installing. Use this only if you trust the publisher and are comfortable with an agent logging into WPS Time from saved Keychain credentials. Prefer explicit commands like punchclock status or punchclock clock in, require confirmation before any punch action, avoid sharing screenshots in sensitive channels, and verify that your WPS login flow is protected by HTTPS in your environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The manifest includes very broad trigger phrases such as "status" and "check status," which can easily overlap with normal conversation and cause the automation to run unintentionally. In this skill, unintended invocation is more dangerous than usual because the action can log into a workplace timekeeping system and perform account-affecting operations.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs the agent to attach a screenshot from a live payroll/timeclock session without warning that the image may contain sensitive workplace data, timestamps, employee identifiers, or session details. Sharing that screenshot back into chat can leak information to channels, logs, or unauthorized participants.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are broad enough to collide with ordinary conversational commands like 'status' or 'clock out', which can cause the agent to launch a browser session and perform a real timekeeping action unintentionally. In this skill, that risk is amplified because the runbook pairs ambiguous triggers with automatic credential use and immediate state-changing actions on an external system.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The runbook explicitly instructs the agent to use stored macOS Keychain credentials without prompting or warning the user, removing a meaningful consent checkpoint before accessing secrets. In the context of a payroll/timekeeping system, this can lead to silent account access and unauthorized punches if the skill is invoked accidentally or abusively.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script performs irreversible attendance actions like clock-in, clock-out, and break/lunch punches immediately based on the provided action argument, with no interactive confirmation or secondary validation. In an agent context, this increases the risk of accidental or prompt-induced timecard changes that can affect payroll records and employment compliance.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script automatically retrieves stored Keychain credentials and submits them to a remote service without any user-facing disclosure, while also taking a screenshot and returning a text snippet from the page. In an agent-driven environment, this can silently log the user into a third-party payroll system and expose sensitive employment data or credentials-derived access without informed consent.

Credential Access

High
Category
Privilege Escalation
Content
const LOGIN_URL = 'http://www.wpstime.com/NetTime/Login.asp';

// Preferred keychain service names for this distributable skill.
// Keep backward-compat fallback to the older OpenClaw-specific names.
const KC = {
  company: ['wpstime-punchclock.company', 'openclaw.wpstime.company'],
Confidence
90% confidence
Finding
keychain

Credential Access

High
Category
Privilege Escalation
Content
return def;
}

async function keychainGet(service) {
  try {
    const { stdout } = await execFileAsync('security', ['find-generic-password', '-s', service, '-w'], { maxBuffer: 1024 * 1024 });
    return stdout.trim();
Confidence
96% confidence
Finding
keychain

Credential Access

High
Category
Privilege Escalation
Content
}
}

async function keychainGetAccount(service) {
  try {
    const { stdout } = await execFileAsync('security', ['find-generic-password', '-s', service], { maxBuffer: 1024 * 1024 });
    const line = stdout.split('\n').find(l => l.includes('"acct"<blob>='));
Confidence
90% confidence
Finding
keychain

Credential Access

High
Category
Privilege Escalation
Content
await ensureDir(outDir);

  // Credentials are stored in macOS Keychain.
  // Preferred service names for this skill:
  // - wpstime-punchclock.company → secret = company/common id
  // - wpstime-punchclock         → account = username, secret = password
Confidence
88% confidence
Finding
Keychain

Credential Access

High
Category
Privilege Escalation
Content
return '';
  };

  const companyId = await firstNonEmpty(KC.company, keychainGet);
  const username = await firstNonEmpty(KC.account, keychainGetAccount);
  const password = await firstNonEmpty(KC.account, keychainGet);
Confidence
97% confidence
Finding
keychain

Credential Access

High
Category
Privilege Escalation
Content
};

  const companyId = await firstNonEmpty(KC.company, keychainGet);
  const username = await firstNonEmpty(KC.account, keychainGetAccount);
  const password = await firstNonEmpty(KC.account, keychainGet);

  if (!companyId || !username || !password) {
Confidence
97% confidence
Finding
keychain

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal