Openclaw New Agent

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims, but it asks users to send Feishu App Secrets through chat without adequate secret-handling warnings.

Install only if you are comfortable with the agent modifying ~/.openclaw/openclaw.json, creating a persistent workspace, and storing a Feishu App Secret. Prefer a dedicated low-privilege Feishu app, avoid sharing secrets in public or shared chats, rotate the secret if it was exposed, review the config patch before restart, and use verified ClawHub or repository sources rather than informal package copies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 98%
Finding
The README explicitly instructs users to send App ID and App Secret to a bot in chat, which normalizes disclosure of long-lived credentials through a conversational channel that may be logged, retained, forwarded, or exposed to the model and platform operators. In this skill's context, those credentials are exactly what authorize creation and control of a Feishu bot, so leakage could enable account takeover or unauthorized API use.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly asks the user to provide App ID and App Secret for a new Feishu bot, but it does not warn against exposing secrets in chat, logs, or persistent skill artifacts. In an agent setting, credentials entered into a conversational workflow may be retained in transcripts, debugging logs, memory files, or copied into config files with broad filesystem visibility, creating a real secret-handling risk.

Missing User Warnings

Low
Confidence: 84%
Finding
The skill tells the operator to grep gateway logs to recover sender open_id values, but it does not acknowledge that logs may contain personally identifying account identifiers and potentially other message metadata. This encourages unnecessary exposure and ad hoc handling of identifiers in shell history, terminals, screenshots, or copied notes.

Ssd 3

High
Confidence: 99%
Finding
The document contains a natural-language instruction telling users to disclose sensitive credentials directly to the robot. This is dangerous because users may follow the instruction without understanding that chat-based collection exposes secrets to logging pipelines, model processing, screenshots, administrators, or future prompt/context leakage.

VirusTotal

65/65 vendors flagged this skill as clean.
