ClawGears

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real OpenClaw macOS security audit skill, but it deserves review because it can expose token fragments and creates sensitive local audit artifacts.

Install only if you want a macOS OpenClaw security-audit tool and are comfortable with shell scripts inspecting local security state, contacting public-IP/exposure services, and writing local reports and backups. Review generated reports and backups as sensitive files, avoid sharing terminal output from token rotation, and manually verify any claimed hardening results before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Vague Triggers

Medium
Confidence: 87%
Finding
The trigger phrase "Run a security audit" is broad, generic, and likely to collide with ordinary user requests unrelated to this specific skill. In an agent ecosystem, overly broad activation language can cause unintended invocation of privileged audit or fix functionality, increasing the chance of surprise execution or confusing skill routing.

Missing User Warnings

Medium
Confidence: 93%
Finding
The README advertises "Auto-fix capabilities" and an "interactive-fix.sh" script but does not warn that running the skill may change security settings, permissions, or local configuration. That lack of disclosure is risky because users may invoke the skill expecting read-only diagnostics, while the skill context suggests it can perform system-affecting remediation on macOS.

Missing User Warnings

Medium
Confidence: 84%
Finding
The script reads sensitive local security state, including authentication token metadata from `~/.openclaw/openclaw.json`, TCC privacy database contents, local workspace structure, active network connections, and recent logs, without any explicit consent prompt or disclosure. In an agent-skill context, this broad host inspection increases privacy risk because running the skill exposes security-relevant local information to the skill's output and any downstream consumer of the generated report.

Missing User Warnings

Medium
Confidence: 91%
Finding
The script prints a preview of the current authentication token to stdout, which can expose credential material in terminal scrollback, session recordings, logs, or shoulder-surfing scenarios. Even partial token disclosure reduces secrecy and is unnecessary for remediation, especially in a security-fix script handling sensitive configuration.

Missing User Warnings

Medium
Confidence: 94%
Finding
After generating a new token, the script prints part of the freshly issued credential, again exposing secret material to anyone with terminal, logging, or recording access. This is particularly risky because the new token is valid and intended to improve security, but the script immediately weakens that protection by revealing it.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script automatically sends the user's public IP to several third-party services to discover it, and later to the configured external site for exposure checking, without clearly warning the user in the help text or requesting consent. Public IPs are sensitive metadata that can be logged, correlated, and used for profiling or infrastructure discovery, so silent transmission creates a real privacy and security risk.

Missing User Warnings

Medium
Confidence: 96%
Finding
The script saves a JSON history file containing the user's public IP and exposure status under a local history directory without disclosing this behavior in the interface. Persisting network-identifying information can create a forensic trail that other local users, backup systems, or malware can access, increasing privacy exposure beyond the immediate scan.

VirusTotal

64/64 vendors flagged this skill as clean.
