Failover Gateway Pub

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate failover setup guide, but it automatically runs a persistent monitor that can copy a whole secrets directory during failover.

Review every command before using this skill on a server. Avoid SECRETS_HOST unless you truly need it; if used, sync only a narrowly scoped secrets directory with limited tokens and verified SSH host keys. Prefer verified or package-managed installers over curl-to-shell, keep workspace repos free of secrets, and test failover in a controlled window before enabling the monitor.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill contains multiple shell commands and system-level deployment steps but does not declare permissions or capabilities accordingly. This creates a trust and execution-boundary problem: consumers may treat the skill as low-risk documentation while it actually instructs privileged system changes, package installation, firewall modification, and service persistence.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The guide tells users to fetch and execute a remote installer directly with `curl ... | sh` without any integrity verification, pinning, or warning. If the remote source, CDN, TLS trust chain, or upstream account is compromised, arbitrary code will run immediately on the target VPS, likely as root during provisioning.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The standby design relies on cloning and later syncing a workspace repository, but the guide does not warn that configs, prompts, logs, secrets, or user-derived data may be committed or transferred to a third-party Git host. In an HA/recovery context this is particularly sensitive because the workspace may contain operational state and credentials needed for failover.

External Script Fetching

High
Category
Supply Chain
Content
```bash
# Copy your SSH key to openclaw user

# Install Tailscale
curl -fsSL https://tailscale.com/install.sh | sh
tailscale up --hostname=your-failover-name
```
Confidence
97% confidence
Finding
curl -fsSL https://tailscale.com/install.sh | sh

External Script Fetching

Low
Category
Supply Chain
Content
```bash
# As openclaw user
curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
source ~/.bashrc
nvm install --lts
npm install -g openclaw
```
Confidence
94% confidence
Finding
curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# Copy your SSH key to openclaw user

# Install Tailscale
curl -fsSL https://tailscale.com/install.sh | sh
tailscale up --hostname=your-failover-name
```
Confidence
98% confidence
Finding
| sh

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# As openclaw user
curl -fsSL https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
source ~/.bashrc
nvm install --lts
npm install -g openclaw
```
Confidence
97% confidence
Finding
| bash

VirusTotal

66/66 vendors flagged this skill as clean.
