Key Swap

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended for key rotation, but it can overwrite stored API tokens and restart OpenClaw from broad triggers without an explicit confirmation step.

Install only if you intentionally want this skill to replace the token for both listed OpenClaw Anthropic profiles and restart the gateway. Before running it, back up auth-profiles.json, verify the profile names match your setup, and require an explicit confirmation before any credential update or service restart.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration

Findings (3)

Description-Behavior Mismatch

Medium, 91% confidence

Finding:
The script’s stated purpose is token rotation, but it also clears error and cooldown state for the same profiles. That hidden side effect changes rate-limit or failure-tracking behavior and can mask operational problems, making the skill do more than a user would reasonably expect from 'swap key'. In this context, modifying retry/failure metadata is not necessary to replace credentials and increases the risk of bypassing protective controls.

Context-Inappropriate Capability

Medium, 84% confidence

Finding:
Restarting the gateway and performing a health check gives the skill service-control capabilities beyond simple key replacement. While likely intended to apply the new token immediately, it introduces an unexpected operational side effect: disruption or restart of a local service, which could interrupt active workloads or be abused as an unnecessary control surface. The mismatch between description and behavior makes this more dangerous because users may not anticipate service restarts from a key swap action.

Vague Triggers

Medium, 92% confidence

Finding:
The skill advertises broad activators such as "new key" and automatic triggering on any `sk-ant-` token, which can cause the rotation workflow to run when the user did not explicitly intend to modify credentials. In a credential-management skill, unintended invocation is particularly risky because it could overwrite valid API keys, disrupt service, or expose sensitive token handling paths during normal conversation.

VirusTotal

66/66 vendors flagged this skill as clean.
