Security audit

HostLink

Security checks across malware telemetry and agentic risk

Overview

HostLink is clear about enabling host command execution, but it creates a persistent, high-impact bridge from the container to the host with broad scope and limited safeguards.

Install only if you intentionally want an agent to run commands on your host, not just inside the OpenClaw container. Review and pin the HostLink daemon source before using sudo install steps, run the daemon as a dedicated least-privileged user where possible, protect the token and socket, avoid direct TCP exposure, and require explicit user approval before each host command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrases are broad enough to auto-invoke a capability that performs arbitrary command execution on the host, including requests like "run on host" or "outside container." In this context, loose matching is dangerous because accidental or indirect activation can cross a trust boundary from container to host and enable destructive actions on host files, services, or Docker state.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill advertises convenient host access but does not prominently warn that it enables arbitrary command execution outside the container with direct impact on the host system. Because this skill can access host files, run Docker, and invoke host-side tools, omission of a clear warning materially increases the chance of unsafe use and privilege-boundary confusion.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
sudo cp hostlinkd /usr/local/bin/
```

### 2. Create config

```bash
sudo mkdir -p /etc/hostlink /run/hostlink /var/log/hostlink
```
Confidence
83% confidence
Finding
Create config ```bash sudo mkdir -p /etc/hostlink /run/hostlink /var/log/hostlink sudo tee /etc/hostlink/hostlink.conf << 'EOF' node_name = host auth_token = CHANGE_THIS_TO_A_STRONG_SECRET unix_enabl

VirusTotal

64/64 vendors flagged this skill as clean.
