ClawHub

OpenClaw Sync Bridge

Security checks across malware telemetry and agentic risk

Overview

This is a real OpenClaw-to-GitHub-Gist sync tool, but it needs review because it syncs sensitive agent files and stores a GitHub token in a weakly protected way.

Install only if you are comfortable syncing OpenClaw identity, user, tool, and skill files through a GitHub Gist. Prefer manual installation over pipe-to-shell, use a minimally scoped gist-only GitHub token, protect or revoke the token if the machine is shared, review diffs before pulling, and only pull from a Gist you fully control.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documentation instructs users to install the skill by piping a remotely fetched script directly into a shell (`bash`/`iex`) without any verification, pinning, or review step. This is dangerous because a compromised server, DNS/TLS interception, or malicious update to the hosted installer can immediately lead to arbitrary code execution on the user's machine.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The setup flow collects a GitHub token and persists it in sync_config.json in plaintext without an explicit warning, secure storage, or permission hardening. Any local user, process, backup system, or accidental file sync that can read this file could obtain the token and use it to access or modify the user's GitHub gists.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The code includes the local device hostname in sync-manifest.json and uploads it to GitHub without explicit disclosure or consent. Hostnames can reveal user identity, organization naming conventions, or internal infrastructure details, creating unnecessary metadata leakage.

VirusTotal

61/61 vendors flagged this skill as clean.

View on VirusTotal