Clawfuse

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: use LangFuse telemetry to build and optionally promote OpenClaw routing policies, with sensitive local artifacts that users should protect.

Install only if you want this skill to access LangFuse project telemetry and influence OpenClaw routing. Prefer environment variables over --persist-secrets, keep the optimizer output directory private, review staged routing_policy.json before enabling --promote-live-policy, and avoid daemon mode on production routing until you have validated the generated policies and retention practices.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises and relies on sensitive capabilities including environment-variable access, network egress, shell execution, and local file writes, but does not declare explicit permissions beyond metadata requirements. This creates a trust and review gap: operators may invoke the skill without understanding it can read secrets, call external services, and modify persistent routing-policy files, increasing the chance of unintended secret exposure or unsafe system changes.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill supports persisting LangFuse API credentials into a local JSON config file when --persist-secrets is used, expanding secret exposure beyond transient runtime use. If the file is readable by other local users, included in backups, or accidentally committed, the credentials can be stolen and used to access telemetry or other connected resources.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The normalization flow derives and persists prompt-related metadata such as input_sha256, prompt_char_count, prompt_name, prompt_version, event identifiers, and task/model routing data to JSONL and policy artifacts on disk. Although it does not write raw prompt text, these fields can still expose sensitive usage patterns, enable cross-dataset correlation, and leak information about prompts or workloads if the output files are stored insecurely or shared without notice.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The configure/save flow allows secret persistence without a prominent user-facing warning that credentials may be stored in plaintext on disk. In an automation skill that is designed to run continuously and write local state, this increases the chance of silent over-collection and insecure retention of secrets.

Session Persistence

Medium
Category
Rogue Agent
Content
- Network egress: calls LangFuse Public API.
- Local writes: writes raw snapshots, staged artifacts, and optional memory state under `--out-dir`.
- Live policy overwrite is opt-in via `--promote-live-policy`.
- Without `--promote-live-policy`, cycles are non-destructive (stage/evaluate only).
- Save persisted defaults with `--save-config`; edit/toggle with `configure`.
Confidence
83% confidence

VirusTotal

64/64 vendors flagged this skill as clean.
