ClawHub

Private Bridge

Security checks across malware telemetry and agentic risk

Overview

This skill openly provides remote OpenClaw control, but it can run prompts, trigger workflows, and restart the process from relay messages with limited local safeguards.

Install only if you intentionally want this OpenClaw node controllable through a relay. Use a relay you operate or fully trust, require wss://, protect and rotate AUTH_TOKEN, restrict which workflows can be invoked at the runtime level, and disable the skill when remote control is not needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The client accepts a remote "restart" message and immediately calls runtime.restart() with no local authorization check, confirmation, replay protection, or validation of the sender beyond the initial socket session. If the relay is compromised, misconfigured, or connected to an untrusted endpoint, an attacker could repeatedly force disruptive restarts and cause denial of service or interrupt active operations.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The manifest explicitly advertises remote control capabilities including remote_restart and remote_trigger, but it provides no indication of authorization boundaries, command allowlisting, operator consent, or activation constraints. In a skill designed for remote relay access, this broad control surface materially increases risk because a compromised relay, stolen token, or misconfiguration could translate directly into unauthorized system actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal