OpenClaw Security Check

Security checks across malware telemetry and agentic risk

Overview

This looks like a legitimate OpenClaw security checker, but it needs review because the bundled script has an unsafe config-parsing bug and can request elevated host inspection during a default audit.

Review or fix the script before installing. Run it manually only when you intend to audit this OpenClaw deployment, avoid heartbeat or cron use until the parser and sudo behavior are tightened, and do not approve firewall, SSH, or token changes unless you have backups and have verified remote access safety.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding:
The script invokes `sudo ufw status` during what is described as a fast, read-only self-check. In an agent/skill context, this can unexpectedly trigger privilege escalation prompts, block automation, or cause the operator to grant elevated access to code that also processes sensitive configuration data.

Intent-Code Divergence

Medium
Confidence: 92%
Finding:
The header claims the script is 'read-only' and performs 'No modifications', which is misleading because later it can invoke `sudo` and trigger an authentication flow. Misrepresenting privilege behavior increases the chance that users or orchestrators run it under false assumptions and consent to elevated execution they did not expect.

Vague Triggers

Medium
Confidence: 91%
Finding:
The invocation phrases are broad enough that ordinary user conversation such as asking 'am I secure?' or 'check security settings' could trigger the skill unexpectedly. In an agent environment, overly permissive triggers can cause unplanned host inspection or privileged guidance to run in the wrong context, increasing the chance of unintended disclosure or risky operator actions.

Missing User Warnings

Medium
Confidence: 78%
Finding:
The script reads the full OpenClaw configuration, including authentication material and potential plaintext secrets, without any user-facing notice about the sensitive data being accessed. In an agent skill, silent access to secret-bearing config increases privacy and secret-handling risk, especially if output is logged, forwarded, or used in automated workflows.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The firewall check performs privileged host inspection with `sudo` but gives no explicit warning that elevated access may be requested. In a skill ecosystem, hidden privilege boundaries are dangerous because they normalize approval of escalation and can surprise unattended or policy-restricted environments.

Chaining Abuse

High
Category: Tool Misuse
Content:
```
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
sudo sed -i 's/^#*PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config
sudo sed -i 's/^#*PermitRootLogin .*/PermitRootLogin no/' /etc/ssh/sshd_config
sudo sshd -t && sudo systemctl reload ssh
```
CRITICAL: Ensure key-based SSH access works in a separate session before closing current one.
Confidence: 95%
Finding:
`&& sudo`

VirusTotal

66/66 vendors flagged this skill as clean.
