Nano Gpt Plugin

Security checks across malware telemetry and agentic risk

Overview

This is a NanoGPT provider plugin whose sensitive behavior is using a NanoGPT API key for model access; the riskier shell commands are confined to a manual integration-test script.

Install only if you intend to connect OpenClaw to NanoGPT and are comfortable with model calls using your NanoGPT credits. Treat the API key like a password, avoid putting it in shell history where possible, and do not run final_integration_test.sh except in a disposable test environment because it deletes remote OpenClaw plugin/session data and passes the key over an SSH command line.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
Passing an API key on the command line can expose the secret through shell history, process listings, CI logs, terminal recordings, and audit tooling. The surrounding runbook explicitly frames onboarding as the approved secret-handling path, so documenting a CLI argument form weakens that control and makes accidental credential disclosure more likely.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README instructs users to provide an API key and states that it will be stored in OpenClaw configuration, but it does not warn that the key is a sensitive credential or describe how it is protected at rest. This can lead users to place secrets in plaintext config files, commit them to source control, or handle them insecurely, increasing the risk of credential leakage and unauthorized API usage.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script performs remote destructive actions (`rm -rf` on the remote plugin directory and later deletion of session data) without any confirmation, dry-run mode, or prominent warning. In an integration-test context this may be operationally expected, but it is still dangerous because a misconfigured host, path, or variable could cause unintended remote data loss.

Missing User Warnings

Medium
Confidence: 94%
Finding
The NanoGPT API key is passed over SSH to a remote command line via `--nano-gpt-api-key "$NANOGPT_API_KEY"`, which exposes the secret to the remote environment and may leak it through process listings, shell history, logs, or debugging output. Even though the SSH channel itself is encrypted, the credential is insufficiently protected once it reaches the remote side as a command-line argument.

VirusTotal

67/67 vendors flagged this skill as clean.