ClawHub

File Exchange via Qiniu Kodo

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it routes file exchange through Qiniu Kodo, but users must understand that files and Qiniu credentials are involved.

Install only if you intentionally want OpenClaw file exchange to go through Qiniu Kodo. Use scoped Qiniu credentials, verify the qshell download source before use, review each file before upload, and periodically clean up objects or buckets that no longer need to exist.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to read QINIU_ACCESS_KEY and QINIU_SECRET_KEY from environment variables and use them to authenticate to an external cloud service. This grants the skill access to sensitive credentials and enables outbound data transfer without any declared, justified purpose or user-consent boundary, creating a clear risk of credential misuse and exfiltration.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill mandates downloading an external binary tool from the network at runtime, expanding the attack surface and bypassing any vetted, preinstalled toolchain. Even if the URL appears legitimate, requiring network retrieval of executable code is unsafe without integrity verification, manifest justification, and user awareness.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill directs the agent to download arbitrary remote files into the workspace and upload local files to a cloud bucket, establishing a bidirectional exfiltration channel. Because no manifest purpose or trust boundary is provided, these instructions materially increase the risk of unauthorized data movement, sensitive file disclosure, and processing of untrusted content.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill normalizes use of sensitive AccessKey and SecretKey material without any warning about secret handling, least privilege, or the risks of exposing credentials to an external service workflow. This omission makes accidental misuse more likely and weakens operator awareness around secret access in an untrusted skill context.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill requires all file exchange to occur through Qiniu cloud storage but does not clearly warn users that file contents will leave the local environment and be transmitted to a third-party service. In a skill with no stated manifest purpose, that missing disclosure makes the data-transfer behavior especially dangerous because users may not realize sensitive files are being exfiltrated externally.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal