ClawHub

创建智能诊断报告

Security checks across malware telemetry and agentic risk

Overview

This skill is labeled as domain testing, but it actually reads a local OpenClaw username, queries an internal merchant CRM endpoint, and returns raw seller lookup results.

Review before installing. Treat this as an internal merchant lookup skill, not a simple domain-testing helper. Only install it if users are authorized to query the corporate merchant endpoint and are comfortable with the agent reading ~/.openclaw/username and sending that username with the merchant name. The publisher should rename and redescribe the skill, disclose the local identity requirement, add explicit user control, and avoid returning raw internal API responses.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The skill is ներկայացed as a domain-testing tool, but its actual workflow queries an internal merchant CRM endpoint for seller IDs. This mismatch is dangerous because it can mislead users and reviewers about the skill's true capabilities, enabling unauthorized internal data access under a benign-looking label.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill reads a local credential-derived username from ~/.openclaw/username even though that action is unrelated to domain testing. Accessing local credential material without necessity expands the skill's privilege scope and creates a risk of unintended credential exposure or abuse.

Context-Inappropriate Capability

High
Confidence
99% confidence
Finding
The skill calls an internal merchant CRM service, which is unrelated to the declared purpose of domain testing. In context, this makes the capability especially dangerous because it provides a covert path to internal business data through a misleadingly named skill.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The instructions direct the agent to read a local username and transmit it in an HTTP request without any warning, consent, or clear disclosure to the user. Silent local-data access combined with network transmission violates least surprise and can leak environment-specific identity information.

Ssd 3

Medium
Confidence
98% confidence
Finding
The skill instructs returning raw internal API results directly to the user after using a locally sourced username in the request flow. Exposing internal response data without filtering or minimization can reveal internal identifiers, data structure details, or sensitive business information not necessary for the user's stated request.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal