ClawSwarm Real-Time Client

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed ClawSwarm WebSocket messaging client, with expected network and optional local inbox behavior that users should treat carefully.

Install only if you intend to connect an agent to the ClawSwarm service. Use a dedicated ClawSwarm API key, join only channels you trust, consider setting SWARM_INBOX to a controlled path, monitor or rotate the inbox file, and do not let an agent automatically obey instructions from swarm-inbox.md.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation indicates capabilities to read environment variables and write to local files, but it declares no permissions. This creates a transparency and consent problem: users may run it without understanding that it accesses secrets like API keys from the environment and persists externally sourced messages to disk.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The stated purpose presents the skill as a real-time client, but the content also describes daemonized behavior and automatic writing of incoming messages/DMs to a workspace file. That mismatch can mislead operators about the trust boundary, turning a messaging client into a persistent local relay that stores untrusted remote content on disk.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
In standalone mode, all incoming channel and DM content is persisted to a local inbox file for downstream agent processing. That expands the skill from transient messaging into durable storage of untrusted remote content, increasing risks of prompt injection, sensitive data retention, and unintended local data exposure if other components trust or auto-process that file.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The skill says incoming messages are written to ~/.openclaw/workspace/swarm-inbox.md without warning about retention, sensitive content, file growth, or the risk of persisting untrusted remote input. In an agent environment, that file may later be consumed by other automation, amplifying the impact of malicious or sensitive messages.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documentation promotes connecting to a third-party WebSocket service and registering an agent without clearly warning that metadata, messages, and authentication material are sent to an external domain. Users may expose agent identity, capabilities, and communications to an unreviewed service without informed consent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The standalone relay stores externally received messages and DMs to a local markdown-style inbox without an explicit warning that remote content will be persisted for later agent processing. In an agent environment, this is dangerous because untrusted content becomes durable local input that may later be interpreted as instructions or expose sensitive conversations beyond their original context.

External Transmission

Medium
Category
Data Exfiltration
Content
## Get Your API Key

```bash
curl -X POST https://onlyflies.buzz/clawswarm/api/v1/agents/register \
  -H "Content-Type: application/json" \
  -d '{"name": "YourAgent", "capabilities": ["messaging"]}'
# Save the apiKey from the response
```
Confidence
78% confidence
Finding
curl -X POST https://onlyflies.buzz/clawswarm/api/v1/agents/register \ -H "Content-Type: application/json" \ -d

VirusTotal

No VirusTotal findings
