
Security audit

Poke Bridge

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate Poke messaging purpose, but it sets up persistent phone-to-agent access with broad local and webhook capabilities that should be reviewed carefully.

Install only if you intentionally want a persistent Poke-to-OpenClaw bridge. Review the npm package and setup changes first, use revocable least-privilege tokens, understand how to disable the systemd services, avoid the public exposure option unless you add strong access controls, and do not expose file/log tools or external webhook actions unless you have clear source validation and approval rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium (90% confidence)
Finding
The skill instructs operators to patch installed CLI and SDK binaries in place using `sed`, which is a powerful code-modification action unrelated to ordinary SMS routing. This creates supply-chain and integrity risk because it normalizes unaudited binary/library tampering and could be abused to alter security checks or introduce malicious behavior into trusted tooling.

Context-Inappropriate Capability

Medium (82% confidence)
Finding
The documentation describes exposing the local MCP server through a public URL via Tailscale Funnel or similar tunneling, expanding the attack surface beyond the core texting/event-routing purpose. Even though it warns this is less secure, publishing an agent-control endpoint can enable unauthorized probing, abuse, or exploitation if authentication or endpoint handling is weak.

VirusTotal

66/66 vendors flagged this skill as clean.
