Openclaw Aicfo Agent

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real AICFO integration, but it needs review because one API key can read company data and trigger connector or document workflow changes without strong built-in approval limits.

Install only if you trust the publisher and AICFO endpoint. Use a least-privilege API key, set an explicit company scope, and require manual approval before connector actions, document clarification submissions, reprocessing, template saving, applying answers to similar documents, imports, deletes, or other write-like operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium severity, 96% confidence

Finding: The adapter exposes a state-changing capability via `answer-document-questions`, which submits clarification answers and can optionally trigger reprocessing, template saving, and propagation to similar documents. That exceeds the described read/introspection scope of the skill, creating a scope mismatch that can mislead downstream agents or operators into invoking write actions they did not expect to authorize.

Context-Inappropriate Capability

Medium severity, 89% confidence

Finding: The declared tool surface includes document-question answering, which is broader than the stated purpose focused on introspection, company selection, MCP usage, connector actions, and Company-DB reads. In an agentic environment, undocumented or under-justified capabilities increase the risk of unintended data modification because the skill can be selected under false assumptions about being effectively read-only.

Missing User Warnings

Medium severity, 89% confidence

Finding: The guide explicitly enables access to sensitive company data sources and document workflows, including connectors, documents, and document-question answering, without any privacy, authorization, or data-minimization warnings. In an agent skill context, this increases the risk that an operator or downstream agent will over-collect, inspect, or modify sensitive business data beyond the intended scope using a single bearer credential.

VirusTotal

63/63 vendors flagged this skill as clean.