ClawHub

西之月登录

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Westmoon QR login helper, but it stores reusable account tokens locally for other Westmoon skills to use.

Install only if you trust Westmoon and the Westmoon skills that may read ~/.westmoon-user-login/tokens.json. Keep QR output and session logs private, do not sync or share the token directory, and use the logout command to remove saved tokens when reuse is no longer desired.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill performs sensitive operations including network access, shell/Python execution, environment inspection, and reading/writing token files, yet it declares no permissions. This creates a transparency and policy-enforcement gap: users or orchestrators cannot accurately assess or constrain what the skill can do, while the skill persists authentication material to disk for reuse by other components.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The activation condition is overly broad because it triggers not only on explicit user login requests but also whenever another skill detects a missing or expired access token. In a multi-skill environment, this can cause unexpected login prompting and token acquisition flows without a fresh, intentional user request, increasing the chance of confused-deputy behavior and unnecessary credential handling.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill description says tokens and user info will be saved to ~/.westmoon-user-login/tokens.json for reuse, but it does not present this as a prominent user warning or consent point. Persisting access_token, refresh_token, and user information locally increases exposure if the host is shared, compromised, or backed up insecurely, and users may not realize the retention scope from the trigger text alone.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation explicitly instructs the skill to persist highly sensitive authentication material, including access tokens, refresh tokens, and pending login state, under predictable paths in the user's home directory. Storing reusable tokens on disk without any warning, security guidance, permission restrictions, encryption, or lifecycle controls increases the risk of credential theft from local compromise, backups, logs, or multi-user environments.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The guide instructs other skills to directly read reusable access and refresh tokens from a predictable file in the user's home directory, but provides no guidance on permission hardening, scope restriction, or limiting which skills may access it. In an agent ecosystem where multiple skills can run with the same user privileges, this creates a credential-sharing channel that can enable token theft, unauthorized API access, and long-lived account compromise via the refresh token.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The OpenClaw integration explicitly documents emitting QR-code file paths and raw data URI content into session output, but does not warn that session logs, transcripts, or downstream tools may capture and retain these authentication artifacts. Because login QR codes are part of an active authentication flow, exposing them through shared output channels can allow unintended parties or components to reuse or inspect sensitive login material.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The client writes QR login images to a persistent directory under the user's home folder without any visible disclosure, permission prompt, or cleanup on save. Because these images encode active login material, leaving them on disk can expose authentication artifacts to other local users, backup systems, or later compromise of the host.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal