Back to skill

Security audit

claw2tencentcloud

Security checks across malware telemetry and agentic risk

Overview

This is a plausible OpenClaw migration helper, but it asks users to handle powerful server and cloud credentials in risky ways and run an unverified downloaded script.

Treat this as a Review item, not confirmed malware. Install only if you trust the publisher and can review the downloaded migration script first. Use temporary least-privilege cloud credentials, prefer SSH keys with verified host fingerprints, make tested backups, run during a maintenance window, revoke credentials afterward, and delete temporary migration archives when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The instructions require operators to place SSH passwords directly on the command line via `sshpass -p '{password}'` and to handle cloud `SecretId`/`SecretKey` values as CLI arguments. Command-line secrets can be exposed through shell history, process listings, logging, screenshots, or copied files, creating a substantial credential leakage risk. The use of `StrictHostKeyChecking=no` further weakens transport trust and increases exposure to man-in-the-middle attacks during migration.

Ssd 3

High
Confidence
97% confidence
Finding
The batch migration workflow instructs users to provide cloud API access keys, SSH login passwords, and instance mappings in plain workflow steps, then execute a downloaded external script. This creates a serious risk of credential theft, over-privileged access, accidental disclosure in chat/logs, and supply-chain compromise because the script is fetched from a remote URL without any integrity verification.

Ssd 3

High
Confidence
99% confidence
Finding
The single-instance flow asks for the source host password and interpolates it directly into shell commands using sshpass with StrictHostKeyChecking disabled. This is dangerous because credentials may be exposed in shell history, process lists, logs, or transcripts, while disabled host key verification enables man-in-the-middle attacks against the SSH/SCP connection.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.