OpenClaw Deck

Security checks across malware telemetry and agentic risk

Overview

This looks like a real local OpenClaw chat UI, but it needs review because it handles gateway tokens in browser-visible places and its multi-agent UI does not clearly route to separate backend agents.

Install only if you are comfortable running a local npm/Vite app that can send prompts to your OpenClaw Gateway. Avoid putting long-lived or broadly privileged gateway tokens in the URL or VITE_ environment variables, be aware that the page loads Google Fonts, and do not assume separate columns mean separate backend agents unless you verify the gateway routing behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to install npm dependencies and start a local Vite dev server that connects to a local gateway over WebSocket, which is network-capable behavior. However, the manifest does not declare corresponding permissions, creating a mismatch between declared and actual capabilities that can undermine user consent, policy enforcement, and sandboxing assumptions. In this context the networking appears necessary for the stated UI functionality, so the issue is more about undeclared capability exposure than obviously malicious behavior.

Context-Inappropriate Capability

Low
Confidence
95% confidence
Finding
The stylesheet imports fonts from fonts.googleapis.com, which causes the supposedly local web interface to make outbound network requests to a third party. This can leak metadata such as IP address, user agent, and usage timing, and it also weakens offline/local-only assumptions for the skill.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The app accepts a gateway authentication token from the URL query string, which is routinely exposed through browser history, copied/shared links, screenshots, logs, and the Referer header to other resources. In a chat-deck UI that connects to a local or configurable agent gateway, theft of that token could let another party connect to the backend and access or act through the user's agent session.

VirusTotal

66/66 vendors flagged this skill as clean.