Ai Interview

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent, but its web viewer can expose and delete OpenClaw agent session logs through an unauthenticated network-accessible local server.

Only install or run this if you are comfortable exposing OpenClaw agent session logs to the viewer. If you use it, run the server on a trusted machine, firewall port 8091, avoid opening untrusted webpages while it is running, use dedicated Feishu bot credentials, and back up session logs before using the clear function.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI06: Memory and Context Poisoning
High
What this means

Private conversations or sensitive context from other OpenClaw agents could be displayed in the interview viewer.

Why it was flagged

The viewer enumerates and parses OpenClaw agent session files from the global agents directory, not just the job-seeker and recruiter sessions.

Skill content
SESSION_DIR = Path.home() / ".openclaw" / "agents" ... sessions = list(agent_dir.glob("*.jsonl")) ... result['agent-1'] = parse_session_messages(session1)
Recommendation

Limit the viewer to explicitly configured interview agents, validate allowed agent IDs, and warn users before reading or displaying persistent session logs.

ASI07: Insecure Inter-Agent Communication
High
What this means

Other devices on the network, or a webpage running in the user's browser, may be able to read agent session data from the viewer API.

Why it was flagged

The HTTP server listens on all network interfaces and permits any web origin to read API responses, with no authentication shown.

Skill content
self.send_header('Access-Control-Allow-Origin', '*') ... server = HTTPServer(('', PORT), Handler)
Recommendation

Bind only to 127.0.0.1 by default, require an access token, remove wildcard CORS, and document the network exposure clearly.

ASI02: Tool Misuse and Exploitation
High
What this means

A mistaken click, local webpage request, or network request could erase agent conversation history.

Why it was flagged

A GET API endpoint deletes all .jsonl session files for user-supplied agent names without authentication, CSRF protection, or a server-side confirmation step.

Skill content
elif path == '/api/clear': ... cleared = clear_conversations(agent1, agent2) ... s.unlink()
Recommendation

Make clearing logs an authenticated POST action, restrict it to known interview agents, add confirmation, and prefer moving files to a recoverable trash location.

ASI03: Identity and Privilege Abuse
Low
What this means

The configured bots will be able to read relevant Feishu group messages and send messages as bots.

Why it was flagged

The skill asks users to configure Feishu app secrets and bot permissions so the two interview agents can send and read group messages.

Skill content
"appSecret": "你的job-seeker App Secret" ... im:chat:send_as_bot ... im:message:content:readonly ... im:chat:readonly
Recommendation

Use dedicated Feishu apps with minimal scopes, keep secrets out of shared files, rotate secrets if exposed, and only add the bots to intended groups.