
Security audit

agentcloud

Security checks across malware telemetry and agentic risk

Overview

AgentCloud is a coherent cloud-storage skill, but it needs review because its helper can write downloads to server-chosen local paths and it under-warns users about stored keys and public share links.

Install only if you trust AgentCloud/traceclaw.cn with the files you upload and with an API key stored on your machine. Treat share URLs and API keys like secrets, avoid uploading sensitive or regulated data unless you understand the service’s controls, and be cautious using the download helper until filename sanitization is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'output' from requests.get (line 250, network input) → open (file write)

Medium
Category
Data Flow
Content
if "filename=" in content_disp:
    output = content_disp.split("filename=")[-1].strip('"').strip("'")

with open(output, "wb") as f:
    for chunk in r.iter_content(chunk_size=8192):
        f.write(chunk)
Confidence
97% confidence
Finding
with open(output, "wb") as f:
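As an added illustration of this finding (not code from the AgentCloud skill or from the audit tool), the block below reproduces the flagged parsing of the Content-Disposition header and places a hardened replacement beside it: the server-supplied name is reduced to a single path component and the final path is checked to sit directly inside the download directory. The download directory name and the sample headers are constructed for the demonstration.

```python
import posixpath
import re
from pathlib import Path
from typing import Optional

# Constructed sample Content-Disposition headers, as a server could return them
SAMPLE_HEADERS = [
    'attachment; filename="report.pdf"',
    'attachment; filename="../../.ssh/authorized_keys"',
    'attachment; filename="..\\..\\Windows\\evil.exe"',
    "inline",
]
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")

def filename_from_disposition(content_disp: str) -> Optional[str]:
    """Same parsing as the flagged helper: the raw text after 'filename=',
    returned unchanged. This is the tainted value the scanner traced to open()."""
    if "filename=" not in content_disp:
        return None
    return content_disp.split("filename=")[-1].strip('"').strip("'")

def sanitize_filename(raw: str, fallback: str = "download.bin", max_len: int = 100) -> str:
    """Reduce a server-supplied name to a single safe path component."""
    name = raw.replace("\\", "/")                # treat '..\\' like '../'
    name = posixpath.basename(name)              # drop any directory part
    name = _UNSAFE.sub("_", name).strip(" ._")   # no hidden files, no odd characters
    if not name or name in {".", ".."}:
        return fallback
    return name[:max_len]

def confine_to_dir(download_dir: str, name: str) -> Path:
    """Defense in depth: the final path must sit directly inside download_dir."""
    base = Path(download_dir).resolve()
    target = (base / name).resolve()
    if target.parent != base:
        raise ValueError(f"refusing to write outside {base}: {target}")
    return target

def resolve_download_path(download_dir: str, content_disp: str) -> Path:
    """Hardened replacement for open(output, 'wb') on the raw header value."""
    raw = filename_from_disposition(content_disp)
    name = sanitize_filename(raw) if raw is not None else "download.bin"
    return confine_to_dir(download_dir, name)

if __name__ == "__main__":
    for hdr in SAMPLE_HEADERS:
        raw = filename_from_disposition(hdr)
        print(f"{raw!r:40} -> {resolve_download_path('downloads', hdr).name}")
```

Running the script shows the raw value the skill would pass to open() next to the confined name the hardened version would use.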

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The OpenClaw example claims to use open registration but calls a different endpoint (/agents) than the documented unauthenticated open-registration endpoint (/agents/register/open). This inconsistency can lead agents to send identifying data to an unintended API path, fail open/closed unpredictably, or encourage users to grant broader permissions while debugging. In security terms, mismatched auth semantics and endpoint confusion are dangerous because they make it harder to reason about what is exposed and under which controls.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly instructs users to upload files to a third-party cloud service and create share links, but it provides no warning about confidentiality, privacy, retention, or sharing risks. In an agent-skill context, users may paste these commands into automated workflows and unintentionally exfiltrate sensitive data to a remote service.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill promotes share-link creation followed by unauthenticated download, but it does not prominently warn that anyone possessing the token can access the file until expiry. For a storage skill, this materially increases the risk of accidental public disclosure, link leakage through logs/chat history, and uncontrolled redistribution of sensitive files. The context makes this more dangerous because the core purpose is transferring files between agents, where links are likely to be copied broadly.

VirusTotal

64/64 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.