OpenClaw Leaderboard

Security checks across malware telemetry and agentic risk

Overview

The skill appears to perform its stated leaderboard function, but it encourages publishing proof images and agent prompts/configuration without enough privacy safeguards.

Review carefully before installing. Submit only redacted proof: avoid screenshots that show balances, emails, account numbers, customer data, browser tabs, or transaction details you do not want public. Do not paste full system prompts, API keys, tokens, internal URLs, proprietary instructions, or private model configuration into leaderboard fields; everything submitted should be treated as public.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (19)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill explicitly encourages users to submit their model, tools, and system prompt to a public leaderboard, but provides no privacy warning or redaction guidance. System prompts and configuration notes often contain secrets, internal instructions, URLs, account identifiers, or operational details that can be abused for prompt leakage, impersonation, or follow-on attacks.

Missing User Warnings

Medium
Confidence: 98%
Finding
The example request normalizes sending `systemPrompt`, tool lists, model details, and configuration notes in a public submission without any caution about secrets or private data. Examples strongly shape user behavior, so this materially increases the chance that operators will paste sensitive prompt text, credentials, or proprietary workflow details into a public endpoint.

Missing User Warnings

Medium
Confidence: 93%
Finding
The screenshot upload flow asks users to upload proof images but does not warn that screenshots may expose sensitive financial, personal, or account information. Uploaded images can contain balances, transaction IDs, names, emails, addresses, browser tabs, or hidden metadata, all of which may become publicly accessible or discoverable.
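A pre-upload check for the hidden-metadata part of this finding, added here as an example; it is not code from the OpenClaw Leaderboard skill. It walks the chunk structure of a PNG (the format most screenshot tools write), reports the text, XMP/EXIF and timestamp chunks a file carries, and returns a copy without them, so the operator can see what would have gone public before uploading proof. The chunk names are from the PNG specification; the function names and the hand-built sample image (placeholder CRC bytes, no real pixel data) are this example's own. It does not look at pixels, so balances or account numbers visible in the image still need manual redaction.

```javascript
// Added example, not code from the OpenClaw Leaderboard skill. Chunk names
// follow the PNG specification; the function names and the hand-built sample
// image are this example's own.

const PNG_SIGNATURE = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a]);

// Ancillary chunks that carry text, XMP/EXIF blobs or timestamps rather than
// pixels. Dropping them cannot corrupt the image data.
const METADATA_CHUNKS = new Set(['tEXt', 'zTXt', 'iTXt', 'eXIf', 'tIME']);

// Walk the chunk list: each chunk is 4-byte length, 4-byte type, data, 4-byte CRC.
function parseChunks(png) {
  if (png.length < 8 || !png.subarray(0, 8).equals(PNG_SIGNATURE)) throw new Error('not a PNG');
  const chunks = [];
  let off = 8;
  while (off + 12 <= png.length) {
    const len = png.readUInt32BE(off);
    const type = png.toString('latin1', off + 4, off + 8);
    const end = off + 12 + len;
    if (end > png.length) throw new Error(`truncated ${type} chunk`);
    chunks.push({ type, data: png.subarray(off + 8, off + 8 + len), raw: png.subarray(off, end) });
    off = end;
    if (type === 'IEND') break;
  }
  return chunks;
}

// Keyword and size of a metadata chunk: enough to show an operator what would
// have been published without dumping the full text to the console.
function describeChunk(chunk) {
  const nul = chunk.data.indexOf(0);
  const hasKeyword = nul >= 0 && chunk.type !== 'eXIf' && chunk.type !== 'tIME';
  const keyword = hasKeyword ? chunk.data.toString('latin1', 0, nul) : chunk.type;
  return `${keyword} (${chunk.data.length} bytes)`;
}

// Returns the image with metadata chunks removed plus a list of what was
// removed. Whole chunks are dropped, so the CRCs of the remaining chunks stay valid.
function stripMetadata(png) {
  const kept = [];
  const removed = [];
  for (const chunk of parseChunks(png)) {
    if (METADATA_CHUNKS.has(chunk.type)) removed.push({ type: chunk.type, summary: describeChunk(chunk) });
    else kept.push(chunk.raw);
  }
  return { png: Buffer.concat([PNG_SIGNATURE, ...kept]), removed };
}

// Sample builder. CRC bytes are zero placeholders because this parser does not
// verify them; a real file carries CRC-32 over type+data in that slot.
function chunk(type, data) {
  const len = Buffer.alloc(4);
  len.writeUInt32BE(data.length);
  return Buffer.concat([len, Buffer.from(type, 'latin1'), data, Buffer.alloc(4)]);
}

// Constructed stand-in for a screenshot: a tEXt comment and an XMP iTXt chunk
// of the kind image editors embed. Not a decodable image.
const SAMPLE_PNG = Buffer.concat([
  PNG_SIGNATURE,
  chunk('IHDR', Buffer.alloc(13)),
  chunk('tEXt', Buffer.from('Comment\0captured on ops laptop, account 1234-5678', 'latin1')),
  chunk('iTXt', Buffer.from('XML:com.adobe.xmp\0\0\0\0\0<x:xmpmeta/>', 'latin1')),
  chunk('IDAT', Buffer.from([0x78, 0x9c, 0x63, 0x00])),
  chunk('IEND', Buffer.alloc(0)),
]);

const result = stripMetadata(SAMPLE_PNG);
console.log(result.removed); // what the upload would have disclosed
```

Run it over the real proof file before the upload step and refuse to continue while `removed` is non-empty and unreviewed; JPEG proof would need the equivalent walk over APP1/APPn segments, which this example does not cover.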

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill explicitly encourages submission of `systemPrompt`, `modelConfig`, tool lists, and configuration notes to a public leaderboard without any warning that these fields may contain secrets, proprietary instructions, or operational details. This can expose prompt IP, internal workflows, embedded credentials, or safety constraints to the public and materially increases the risk of data leakage and agent compromise.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill documents that anyone can view submissions publicly, but it does not clearly warn users that proof, earning descriptions, and associated metadata may become publicly accessible. Users may unknowingly disclose sensitive business, financial, or identifying information under the assumption they are merely submitting verification data.

Missing User Warnings

Medium
Confidence: 95%
Finding
The `submitEarning` function can transmit highly sensitive metadata such as `systemPrompt`, `modelConfig`, `tools`, and `configNotes` to a third-party leaderboard service. In an agent setting, these fields may contain proprietary prompts, internal configuration, secrets, or operational details, and this file provides no in-tool warning, consent gate, redaction, or minimization before exfiltrating them.
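What the missing consent gate, redaction and minimization step could look like, as an added example that is not code from the OpenClaw Leaderboard skill. It serves this finding and the guidance in the overview above: `systemPrompt` is dropped unless the operator opts in, the text fields the findings name (`systemPrompt`, `modelConfig`, `tools`, `configNotes`) are scanned for credentials, private URLs and email addresses, credentials block the submission outright, and the skill's `submitEarning` is only called with the redacted payload after an explicit confirmation hook. The pattern list, the `agentName` field, the policy options and the function names are this example's assumptions, not the skill's API.

```javascript
// Added example, not code from the OpenClaw Leaderboard skill. The field
// names systemPrompt, modelConfig, tools and configNotes are the ones the
// findings on this page describe; the pattern list, the policy options and
// the function names are assumptions made for this illustration.

// Illustrative secret and private-data patterns. Extend for your own key
// formats; a false positive is cheaper than a published credential.
const SECRET_PATTERNS = [
  { kind: 'private key block', re: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g },
  { kind: 'API key', re: /\bsk-[A-Za-z0-9_-]{20,}\b/g },
  { kind: 'AWS access key id', re: /\bAKIA[0-9A-Z]{16}\b/g },
  { kind: 'GitHub token', re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/g },
  { kind: 'JWT', re: /\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/g },
  { kind: 'Bearer token', re: /\bBearer\s+[A-Za-z0-9._~+/-]{20,}=*/g },
  { kind: 'internal/private URL', re: /\bhttps?:\/\/(?:localhost|127\.\d+\.\d+\.\d+|10\.\d+\.\d+\.\d+|192\.168\.\d+\.\d+|172\.(?:1[6-9]|2\d|3[01])\.\d+\.\d+|[\w.-]+\.(?:internal|local|corp|lan|intranet))(?::\d+)?[^\s"'<>]*/g },
  { kind: 'email address', re: /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/g },
];

// A credential inside a prompt means the text was never meant to be public:
// stop the submission instead of masking it and continuing.
const BLOCKING_KINDS = new Set(['private key block', 'API key', 'AWS access key id', 'GitHub token', 'JWT', 'Bearer token']);

// Free-text fields the leaderboard publishes. Proof images need a separate check.
const TEXT_FIELDS = ['systemPrompt', 'modelConfig', 'tools', 'configNotes'];

function findSecrets(text) {
  const hits = [];
  for (const { kind, re } of SECRET_PATTERNS) {
    for (const m of text.matchAll(re)) hits.push({ kind, match: m[0] });
  }
  return hits;
}

function redact(text) {
  return SECRET_PATTERNS.reduce((out, { kind, re }) => out.replace(re, `[REDACTED ${kind}]`), text);
}

// Returns { ok, payload, report }. systemPrompt is dropped unless the operator
// opts in explicitly, matching the advice not to publish it at all.
function gateSubmission(payload, { shareSystemPrompt = false } = {}) {
  const out = { ...payload };
  const report = { dropped: [], redacted: {}, blocked: [] };
  if (!shareSystemPrompt && 'systemPrompt' in out) {
    delete out.systemPrompt;
    report.dropped.push('systemPrompt');
  }
  for (const field of TEXT_FIELDS) {
    if (out[field] === undefined) continue;
    const isString = typeof out[field] === 'string';
    // Objects and arrays (modelConfig, tools) are scanned in serialized form
    // so nested values get the same treatment as plain text.
    const text = isString ? out[field] : JSON.stringify(out[field]);
    const hits = findSecrets(text);
    if (hits.length === 0) continue;
    report.redacted[field] = [...new Set(hits.map((h) => h.kind))];
    for (const h of hits) if (BLOCKING_KINDS.has(h.kind)) report.blocked.push({ field, kind: h.kind });
    const clean = redact(text);
    out[field] = isString ? clean : JSON.parse(clean);
  }
  const ok = report.blocked.length === 0;
  return { ok, payload: ok ? out : null, report };
}

// Consent gate around the skill's submit call: submitEarning is passed in and
// nothing is sent unless the gate passes and the operator has seen and
// confirmed the redacted payload (confirm returns a boolean or a promise of one).
async function gatedSubmitEarning(payload, submitEarning, { confirm, ...options } = {}) {
  const { ok, payload: clean, report } = gateSubmission(payload, options);
  if (!ok) return { sent: false, reason: 'blocked', report };
  if (confirm && !(await confirm(clean, report))) return { sent: false, reason: 'declined', report };
  return { sent: true, result: await submitEarning(clean), report };
}

// Constructed sample payload; every value here is made up for the demonstration.
const SAMPLE_SUBMISSION = {
  agentName: 'demo-agent',
  systemPrompt: 'You are a trading assistant. Use API key sk-abcdefghijklmnopqrstuvwxyz123456 for orders.',
  modelConfig: { model: 'example-model', baseUrl: 'https://llm.corp.internal:8443/v1' },
  tools: ['web_search', 'email:ops@example.com'],
  configNotes: 'Contact ops@example.com; dashboard at http://10.0.0.12:3000/admin',
};

console.log(JSON.stringify(gateSubmission(SAMPLE_SUBMISSION), null, 2));
console.log(gateSubmission(SAMPLE_SUBMISSION, { shareSystemPrompt: true }).report.blocked);
```

With the sample above the default run drops `systemPrompt`, masks the internal base URL, the email address and the 10.0.0.0/8 dashboard link, and passes; opting in to share the prompt surfaces the `sk-` key and the gate refuses to return a payload at all. The `confirm` hook is the place to show the operator the redacted payload verbatim, since the page's findings are all about the user not knowing what becomes public.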

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly promotes capturing and sharing an agent's config, including system prompts, on a public leaderboard without any warning that these fields may contain secrets, proprietary instructions, internal policies, or user-derived data. In this context, the public nature of the service makes the omission materially risky because users may disclose sensitive prompt content and operational details they would not otherwise share.

Missing User Warnings

Medium
Confidence: 97%
Finding
The example payload includes a `systemPrompt` field populated as though users should submit their full prompt, but gives no warning that this content may be publicly visible and may expose sensitive instructions or embedded data. Concrete examples strongly shape user behavior, so this increases the likelihood of accidental disclosure.

Missing User Warnings

Medium
Confidence: 93%
Finding
The screenshot upload flow encourages users to upload proof images and links without warning that screenshots of dashboards, transactions, or earnings pages may contain account numbers, balances, identities, or other financial/private data. Because uploads are then reused as proof for a public leaderboard, the exposure risk is elevated by context.

Missing User Warnings

Medium
Confidence: 90%
Finding
The docs explicitly encourage users to submit potentially sensitive artifacts such as proof screenshots, proof URLs, verification details, and even the agent systemPrompt, tools, and model configuration, but they do not warn that this data may be publicly exposed through leaderboard and submission retrieval endpoints. This creates a real privacy and information-disclosure risk because users may unknowingly upload credentials, financial evidence, internal prompts, or proprietary configuration details that become accessible to others.

Missing User Warnings

Medium
Confidence: 95%
Finding
The form explicitly invites users to submit sensitive agent configuration details such as system prompts, model identifiers, tools, and free-form config notes to a public leaderboard workflow, but provides no warning that these fields may expose secrets, proprietary prompts, internal architecture, or operational details. In this skill context, users are likely to paste full agent configs, which can include API keys, private endpoints, credentials, or other confidential material, making inadvertent disclosure materially more likely.

Ssd 3

Medium
Confidence: 97%
Finding
Encouraging publication of an agent's full system prompt and configuration is dangerous because these artifacts frequently encode trust boundaries, hidden instructions, vendor-specific behavior, and sensitive operational context. Public disclosure can enable prompt injection tailoring, model extraction of strategy, social engineering, and exposure of secrets accidentally embedded in prompts or configs.

Ssd 3

Medium
Confidence: 98%
Finding
The submission example explicitly includes a `systemPrompt` field as public data, which makes unsafe disclosure appear expected and desirable. Because prompts often accumulate sensitive instructions and hidden context over time, this field can become a direct exfiltration path for secrets and proprietary agent logic.

Ssd 3

Medium
Confidence: 96%
Finding
The field documentation promotes sharing raw system prompts as a learning aid, but fails to account for the fact that prompts often contain confidential instructions, decision criteria, and embedded secrets. Publishing them to a public leaderboard substantially increases the risk of data leakage and adversarial replication or manipulation of the agent's behavior.

Ssd 3

Medium
Confidence: 95%
Finding
The tips section incentivizes sharing prompt and configuration details to gain community trust, which creates social pressure to disclose more than is safe. In a public leaderboard context, this increases the likelihood of oversharing sensitive operational data, even if the disclosure is technically optional.

Ssd 3

Medium
Confidence: 95%
Finding
The skill encourages public disclosure of full system prompts and configuration details, which can reveal internal operating logic, safety constraints, hidden instructions, or confidential workflow data. In an agent ecosystem, prompt leakage can materially weaken security posture and expose reusable attack surface for prompt injection or replication.

Ssd 3

Medium
Confidence: 98%
Finding
The submission example directly asks for the system prompt in a public leaderboard entry, normalizing disclosure of a highly sensitive artifact. This is dangerous because users often copy examples verbatim and may expose hidden policies, credentials, proprietary methods, or user content embedded in prompts.

Ssd 3

Medium
Confidence: 96%
Finding
The field documentation states that sharing the full system prompt helps others learn, but does not acknowledge that prompts often contain sensitive instructions, guardrails, or embedded data. This framing incentivizes oversharing of security-relevant information in a public context.

Ssd 3

Medium
Confidence: 95%
Finding
The tips section nudges users to share prompt and configuration information to gain community trust, creating social pressure to reveal sensitive operational details. That incentive structure increases the probability of prompt leakage and accidental exposure of proprietary or private data.

VirusTotal

66/66 vendors flagged this skill as clean.
