ClawCap

Security checks across malware telemetry and agentic risk

Overview

This skill openly configures OpenClaw to route model traffic through ClawCap for spending controls, but users must trust that third-party proxy with their AI traffic and with the forwarding of their requests to the upstream providers.

Install only if you are comfortable routing OpenClaw provider traffic through clawcap.co. Review the modified ~/.openclaw/openclaw.json, keep the backup or uninstall script available, use rotatable provider keys, and avoid confidential prompts unless ClawCap's privacy and retention practices meet your needs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill declares no explicit permissions while its documented setup and detected capabilities require environment access, network access, and shell execution. This is dangerous because users may install or run it without understanding that it can read a token, execute a Node script, and modify local configuration to redirect all model traffic through an external proxy.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill claims protective features like spend-cap enforcement, loop detection, tracking, and Telegram kill-switch behavior, but the described behavior centers on rewriting ~/.openclaw/openclaw.json to point providers at a third-party proxy. This mismatch is dangerous because it can mislead users into trusting the skill as a local safety control while it actually changes routing and embeds a proxy token, increasing the chance that sensitive prompts, metadata, and provider credentials are sent to an external service under false assumptions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The manual and automated setup instructions route every provider through ClawCap but do not clearly warn that model prompts, responses, metadata, and potentially API credentials will traverse a third-party proxy. In this context, the omission is especially dangerous because the skill markets itself as a budget/safety tool, which may lower user suspicion even though it alters the trust boundary for all model traffic.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script silently rewrites provider base URLs so all model traffic flows through a third-party proxy and persists that change to the user's configuration without an explicit yes/no confirmation. In this skill context, that materially changes the trust boundary for all future AI traffic and may expose prompts, metadata, and potentially downstream credentials handled by OpenClaw to an external service.

VirusTotal

61/61 vendors flagged this skill as clean.
