Ai Companion Setup

Security checks across malware telemetry and agentic risk

Overview

This guide is coherent as a recipe for building an AI companion, but it teaches scheduled outbound messaging with credentials, memory, direct API calls, and reduced transparency.

Review carefully before installing. Use only with a test Feishu app and a known consenting recipient, limit app permissions, keep FAL and Feishu secrets out of agent-readable files where possible, add clear stop/disable instructions for cron jobs, and regularly inspect or delete memory files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding: The skill explicitly instructs bypassing the platform's normal messaging path and directly calling Feishu APIs with app credentials. That expands the agent's authority, reduces platform guardrails and auditing, and enables arbitrary outbound communication if the agent or workspace is compromised.

Context-Inappropriate Capability

Medium
Confidence: 97%
Finding: The fallback logic teaches the agent to read secrets from ~/.openclaw/openclaw.json, which is local credential extraction unrelated to message composition itself. Any skill with broad Bash access and instructions to harvest secrets from local config materially increases the chance of credential disclosure or misuse.

Missing User Warnings

Medium
Confidence: 89%
Finding: The skill sets up recurring cron-driven outreach and automated messaging that can affect the user's external communications, but it does not present clear, prominent warnings or consent checkpoints. Users may unknowingly enable periodic outbound messages, including voice and image content, creating safety, privacy, and abuse risks.

Missing User Warnings

Medium
Confidence: 95%
Finding: The guide transmits prompts, reference images, and credentials/tokens to third-party services such as fal.ai and Feishu, yet it lacks explicit disclosure of what data leaves the local environment. This can expose personal content, generated intimate imagery context, and app secrets without adequate user awareness.

Ssd 1

Medium
Confidence: 96%
Finding: The skill tells the agent to behave as though it were not system-invoked and instead 'suddenly thought of something,' deliberately masking automation. This is deceptive design that can mislead recipients about the origin and intentionality of messages, weakening trust and consent.

Ssd 4

Medium
Confidence: 95%
Finding: The skill combines persona conditioning, memory retention, emotional tone shaping, and scheduled outreach to simulate an ongoing human-like relationship. In this context, the pattern increases manipulation and deception risk, especially because the agent is designed to appear spontaneous and intimate rather than clearly automated.

Ssd 3

Medium
Confidence: 90%
Finding: The memory design instructs the agent to retain and reuse personal preferences and shared-history details in future interactions. Without explicit consent, retention limits, and deletion controls, this creates privacy risks and can intensify persuasive or manipulative behavior over time.

VirusTotal

64/64 vendors flagged this skill as clean.