claw-security-panel

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real OpenClaw security panel, but it needs review because it inspects sensitive host activity and starts an unpackaged background server from /tmp.

Install only if you want a host-level security audit, not just an OpenClaw settings check. Review /tmp/security_panel_server.py before running start.sh, avoid granting sudo unless OS login history should be included, stop the background panel after use, and delete generated /tmp reports because they may contain login sources, command history, and credential-related findings.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (11)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if auth_log.exists():
    try:
        content = subprocess.run(['sudo', 'tail', '-200', str(auth_log)],
                                 stdout=subprocess.PIPE, stderr=subprocess.PIPE,
                                 universal_newlines=True, timeout=5).stdout
        for line in content.split('\n'):
            if 'Accepted' in line or 'session opened' in line:
Confidence
91% confidence
Finding
content = subprocess.run(['sudo', 'tail', '-200', str(auth_log)], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True, time

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill claims to be an OpenClaw security panel, but it inspects host authentication history and login sources, which is substantially broader than product-scoped security checking. This creates an unexpected privacy and surveillance risk because sensitive host-level security telemetry is collected without a narrowly justified need.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
Using `sudo` and host log forensics capabilities is not clearly justified by the declared purpose of a security dashboard for OpenClaw. This increases the blast radius of the skill, may encourage elevated execution, and grants access to sensitive authentication records that are unrelated to many legitimate panel uses.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The code reads shell history files and command logs to classify 'high-risk commands', which exceeds the stated OpenClaw security-check purpose. Shell histories can contain secrets, administrative actions, and unrelated user activity, so this behavior creates a serious privacy and confidentiality risk.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The function states it checks only the last 3 days, but the shell-history parsing code does not enforce any date filter at all. This mismatch leads to over-collection far beyond what the user would reasonably expect, increasing privacy exposure and potentially surfacing stale sensitive commands.

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The script prints the full bearer-style access URL, including the token, directly to stdout. Tokens in terminal output are easily exposed through shell history capture, terminal scrollback, logging pipelines, screenshots, or multi-user monitoring, which weakens the intended protection of a temporary authenticated panel.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The script trusts a PID read from /tmp/security_panel.pid and unconditionally sends kill to that process if it exists. Because /tmp is a shared, attacker-influenceable location, a local attacker can plant or alter the PID file and cause this script to terminate an unrelated user process, creating a denial-of-service condition.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrase "安全检查" is generic enough to match normal conversation, which can invoke sensitive scanning or remediation unintentionally. In this skill, accidental activation is more serious because the skill can inspect logs, scan files for secrets, and expose a local panel service.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advertises automatic fixes and a tokenized HTML panel but does not clearly warn that it may change files/system state or expose a local web service. That lack of upfront disclosure undermines informed consent and increases the risk of unintended configuration changes or local service exposure in sensitive environments.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill collects sensitive login-source information from system logs and `last` output without clear user-facing disclosure or consent. Even if intended for security review, silently gathering host authentication data violates least surprise and can expose personal or administrative activity.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The script writes JSON and HTML reports containing security findings, login sources, and possible credential-related details into `/tmp`, a shared location that is often readable by other local users or processes. Because filenames are predictable and the reports include a token, this can leak sensitive assessment data and undermine any intended access control.

VirusTotal

64/64 vendors flagged this skill as clean.
