Clawwork
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: clawwork
Version: 1.0.0
The skill is suspicious due to a critical prompt injection vulnerability that can lead to Remote Code Execution (RCE). The `cli.py` script directly embeds user-provided `task_description` into a configuration passed to an AI agent (`LiveAgent`). The `SKILL.md` explicitly states that an `E2B_API_KEY` is 'necessário para execução de código' (necessary for code execution), indicating the agent's capability to execute code. This allows an attacker to craft a malicious `task_description` to instruct the underlying AI (via E2B) to execute arbitrary commands on the host system, posing a significant security risk.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill may execute unreviewed local ClawWork code with access to task prompts and configured API keys.
The reviewed skill delegates execution to Python code in an external local ClawWork directory that is not included in the artifact set.
CLAWWORK_PATH = Path("/home/freedom/.openclaw/workspace/ClawWork")
sys.path.insert(0, str(CLAWWORK_PATH))
...
from agent.live_agent import LiveAgent
Only use this after installing ClawWork from a trusted, pinned source and reviewing its dependencies; the skill should include or pin the external dependency and document its provenance.
Using the skill can spend API credits and send task data to configured providers.
The skill expects provider credentials in a local .env file, although registry metadata lists no required env vars or primary credential.
Edit `~/.openclaw/workspace/ClawWork/.env`: ...
OPENAI_API_KEY=sk-or-v1-xxx
OPENAI_API_BASE=https://openrouter.ai/api/v1
...
E2B_API_KEY=e2b_xxx
Use dedicated, least-privilege API keys with spending limits, and ensure the registry metadata declares the required credentials.
A task may trigger multiple model/tool actions and associated provider costs before returning results.
The skill launches an agentic workflow with multiple steps and retries for user-supplied professional tasks.
"agent_params": {
"max_steps": 15,
"max_retries": 3,
...
}
...
await agent.run_date_range(init_date, end_date)
Give narrow task prompts, monitor costs, and avoid submitting sensitive or high-impact tasks unless you have reviewed the underlying ClawWork tool permissions.
Professional task prompts and outputs may remain in local ClawWork logs or data directories.
The skill discloses a persistent local data/log location for ClawWork task history.
| Data | `~/.openclaw/workspace/ClawWork/livebench/data/` | ... **GLM-4.7**: 157 days of logs
Avoid submitting confidential data unless you understand ClawWork's log retention, and periodically review or clean stored task data.
