Openclaw Network Diagnostics

Security checks across malware telemetry and agentic risk

Overview

This network diagnostic skill is mostly purpose-aligned, but it can expose Telegram credentials through validation output and an extra runtime config file.

Install only if you are comfortable reviewing and running the local Python script. Use a dedicated Telegram test bot and chat, keep redaction enabled, protect config and log files, avoid sharing logs without masking identifiers, and do not run validate-config on a real config in a logged terminal or CI environment unless secrets are redacted first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding: The validate-config command prints the fully merged configuration, which includes telegram.bot_token and personal_chat_id, directly to stdout. In real deployments this can leak credentials into terminal scrollback, CI logs, shell history capture tools, or centralized logging systems, enabling unauthorized use of the bot token.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding: When a proxy override is supplied, the code writes a new .netdiag.runtime.config.json file containing the merged configuration, including Telegram credentials, to disk. Persisting secrets unnecessarily expands exposure through filesystem access, backups, artifact collection, or accidental commits, especially for a diagnostics tool whose primary purpose is network testing rather than secret storage.

Missing User Warnings

Medium
Confidence: 89%
Finding: The skill asks the user to place a Telegram bot token and personal chat ID into a config file and then send diagnostic messages, but it does not prominently warn that these are sensitive credentials and that message metadata/content will be transmitted to Telegram. In a diagnostic context this is especially relevant because operators may use real personal accounts and production bots, leading to privacy exposure or credential mishandling.

Missing User Warnings

Medium
Confidence: 94%
Finding: The logging model is extensive and includes HTTP headers, IPs, ports, TLS metadata, payload sizes, rate-limit data, and exception stack traces, but the documentation does not strongly warn that these fields may contain secrets or highly sensitive operational data. In a continuously running network diagnostic tool with rotating JSON logs, this can produce a durable forensic dataset that exposes tokens, internal network topology, identifiers, and failure context if logs are read by unauthorized users or shipped insecurely.

Missing User Warnings

Medium
Confidence: 98%
Finding: Printing the merged configuration during validate-config exposes sensitive settings without a user-facing warning, in a validation workflow that users may reasonably expect to be safe and non-invasive. Because bot tokens grant API access, disclosure can let an attacker send messages, read updates, and interfere with bot operation.

Missing User Warnings

Medium
Confidence: 97%
Finding: Silently writing a runtime JSON file with sensitive settings creates an undisclosed secret-at-rest risk. Even if intended as a convenience for proxy overrides, this broadens the attack surface by leaving credentials behind on disk where other users, backup jobs, or forensic tooling may access them.

VirusTotal

64/64 vendors flagged this skill as clean.