Back to skill

Security audit

Agent Peer Lan

Security checks across malware telemetry and agentic risk

Overview

This appears purpose-built for LAN agent connection, but it asks users to expose an OpenClaw gateway and handle gateway tokens without enough scoping and safeguards.

Install only if you intentionally want OpenClaw agents to communicate across a trusted LAN. Prefer binding to a specific trusted LAN IP over 0.0.0.0, require an auth token, avoid public or guest networks, do not share gateway tokens, and review any firewall or gateway changes before applying them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill instructs users to modify gateway bind settings, adjust firewall rules, run shell commands, and create configuration files, yet it declares no corresponding permissions. That mismatch is dangerous because an agent may gain or exercise network-exposing, shell, and file-write behavior without explicit user-visible permission boundaries, and the skill’s core workflow includes exposing a local service on 0.0.0.0 or a LAN IP, which increases the blast radius if the LAN is not fully trusted.

Vague Triggers

Medium
Confidence
82% confidence
Finding
The trigger phrases are overly broad for a skill that changes network exposure and enables cross-machine agent communication. Because common phrases like 'connect agents', 'agent collaboration', or 'local network peers' may match benign requests, the skill could be invoked unexpectedly and steer an agent toward sensitive actions such as reconfiguring gateway bind addresses, opening firewall ports, or transmitting context to another machine.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The troubleshooting guide instructs users to retrieve the gateway auth token via shell output but does not warn that this exposes a sensitive credential on-screen, in shell history, screen recordings, or copied logs. In a skill specifically designed to connect agents over a LAN, that token likely grants peer access to agent sessions, so casual handling materially increases the chance of unauthorized access if the token is leaked.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.