ClawHub

External Receiver

Security checks across malware telemetry and agentic risk

Overview

This skill is a real external receiver, but its defaults can expose uploads and agent-visible messages to anyone who can reach the server.

Install only if you intentionally need a network ingress bridge into OpenClaw. Before running it, bind it to localhost or a private interface, set RECEIVER_SECRET, put it behind firewall/VPN/TLS controls, and treat every received file or message as untrusted. Avoid exposing the status or download endpoints publicly unless they are protected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The server exposes a status page that lists received files and a /download/<filename> endpoint without enforcing the shared-secret check. This creates unintended read access to uploaded content and metadata, which is broader than a receiver-only purpose and can leak sensitive files to anyone who can reach the service.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The code reads the local OpenClaw configuration and bearer token, then uses it to inject messages directly into the local gateway over WebSocket. In this skill context, externally supplied data is being bridged into an authenticated local control channel, which expands trust boundaries and can facilitate prompt injection or unauthorized session manipulation.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill is explicitly designed to accept external files and messages over HTTP and automatically push them into the current OpenClaw session. Without a prominent warning and safer defaults, this enables unsolicited external data injection, which can expose the user to prompt injection, malicious file delivery, spam, or untrusted instructions entering an active agent context.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Authentication is optional and defaults to disabled, while the service binds to 0.0.0.0 and accepts uploads, messages, and webhooks that are then persisted and forwarded into the user session. In practice, this means any reachable party can write files and inject content into the agent environment, making abuse significantly more dangerous in this skill's context.

VirusTotal

48/48 vendors flagged this skill as clean.

View on VirusTotal