OpenClaw AntSeed

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it redirects OpenClaw model traffic through a third-party P2P network and can make persistent system and configuration changes with limited safeguards.

Install only if you intentionally want OpenClaw traffic routed through AntSeed and its providers. Back up ~/.openclaw/openclaw.json first, avoid passing untrusted values to scripts/setup.sh, do not enable --service unless you want a boot-persistent proxy, and avoid sending secrets or private code unless you trust the selected providers and their data handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill performs clear file-writing actions, including writing a systemd unit to /etc/systemd/system and overwriting ~/.openclaw/openclaw.json via shell redirection and mv, yet no permissions are declared. This creates a transparency and consent problem: users or orchestrators may treat the skill as low-risk while it makes persistent configuration changes on disk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The instructions rewrite the OpenClaw config file by emitting a transformed JSON document to /tmp and then moving it over ~/.openclaw/openclaw.json, without warning that user settings may be changed or lost. Although the script tries to preserve existing JSON, any parsing failure, schema mismatch, or concurrent edit could still corrupt or overwrite configuration.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs users to create and enable a persistent systemd service with sudo, causing a long-lived background process to start automatically on boot. This is a significant system-level change that affects persistence and trust boundaries, and the skill does not clearly warn the user about those consequences before presenting the commands.

Missing User Warnings

High
Confidence
99% confidence
Finding
The core function of the skill is to route model prompts and responses through a peer-to-peer network of third-party providers, but it does not prominently disclose the privacy, confidentiality, and data-handling risks. Users may unknowingly send sensitive prompts, outputs, metadata, and possibly credentials or business data to unvetted remote parties over a decentralized provider network.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script directly rewrites the user's OpenClaw configuration file and changes the default model provider without any confirmation, backup, or dry-run step. In the context of an install/setup skill, modifying config is expected, but silently changing persistent user settings can break existing configurations or redirect future model traffic in ways the user did not explicitly approve.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
When invoked with --service, the script installs and starts a persistent systemd service using sudo, but provides no explicit safety warning about privileged writes to /etc, automatic startup on boot, or the ongoing network proxy behavior. In this skill's context, persistence is part of the feature, yet doing it without a strong warning and confirmation increases the chance of unintended privileged system changes.

Session Persistence

Medium
Category
Rogue Agent
Content
EOF

sudo systemctl daemon-reload
sudo systemctl enable --now antseed-buyer
```

Verify: `sudo systemctl is-active antseed-buyer`
Confidence
93% confidence
Finding
systemctl enable

VirusTotal

66/66 vendors flagged this skill as clean.
