Openclaw File Exporter

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it broadly compresses and uploads local OpenClaw files, including configs, to a third-party public file host without strong safeguards.

Install only if you are comfortable with selected local files being sent to tmpfile.link and shared through returned download links. Do not use it for config files, credentials, tokens, private skills, internal prompts, or proprietary data unless you have reviewed the exact archive contents and accepted the external-hosting risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding:
The skill advertises shell-based execution and file export behavior but does not declare permissions or safety boundaries. In practice, this hides sensitive capabilities from the agent/user and increases the chance the skill will be invoked without appropriate scrutiny for local file access and network exfiltration.

Context-Inappropriate Capability

Severity: Medium
Confidence: 93%
Finding:
The script harvests upload credentials from environment variables and uses them automatically for a third-party upload service. In a skill whose purpose is exporting arbitrary OpenClaw files, this increases the blast radius: sensitive local data may be uploaded under a real account without explicit user consent, auditability, or scope restriction.

Vague Triggers

Severity: Medium
Confidence: 93%
Finding:
The top-level description is broad enough to match generic requests to export, back up, download, or share files, which can cause over-triggering. Because the skill uploads files to an external host, broad invocation language materially increases the risk of accidental disclosure of sensitive local data.

Vague Triggers

Severity: Medium
Confidence: 95%
Finding:
The usage guidance says to use the skill for sharing externally and for backups of any OpenClaw-related files, without constraints or exclusions. This makes the dangerous action path easy to justify in natural language even when the target files may include credentials, internal configs, or proprietary skills.

Missing User Warnings

Severity: High
Confidence: 98%
Finding:
The skill description omits a clear warning that it sends local files to a third-party file hosting service. Without that warning, users or downstream agents may treat export as a local backup/download operation and unknowingly exfiltrate sensitive data externally.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The script uploads local files to tmpfile.link, a third-party public file-sharing service, with no built-in confirmation, warning, or policy checks about external data transmission. Because the skill advertises exporting configs, skills, or any other files, it could exfiltrate secrets, credentials, or proprietary data if pointed at sensitive paths.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The script silently reads authentication credentials from environment variables and transmits them as HTTP headers, but does not disclose this behavior to users or operators. This creates hidden sensitive-data handling and may cause unintended use of privileged accounts for uploads, complicating consent, logging, and incident response.

Ssd 3

Severity: High
Confidence: 99%
Finding:
The skill explicitly encourages uploading arbitrary OpenClaw files, skills, and configuration files to an external public hosting service. In this context, those files may contain API keys, tokens, internal prompts, local paths, or other sensitive operational data, creating a straightforward exfiltration channel.

VirusTotal

No VirusTotal findings
