ClawHub

Openclaw Newbie Faq

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real OpenClaw beginner guide, but installing or invoking it can start a background local web server with unclear exposure and stop controls.

Install only if you deliberately want a local Node.js FAQ server. Before using it, confirm what address it binds to, watch for port 34567 conflicts, and be prepared to stop the node process manually. Treat broad phrases like “I need help” or “newbie help” as possible accidental launch triggers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill explicitly instructs users to start a local web service on port 34567, but does not clearly warn that this opens a listening service on the host. Even if intended for localhost, users may not understand exposure risks, binding behavior, or port conflicts; if the implementation binds more broadly than expected, this could unintentionally expose content or functionality to the local network.

Missing User Warnings

Low
Confidence
76% confidence
Finding
The instructions tell users to write an executable shell script into their home directory and run it, but do not provide a safety warning about creating executable files or verifying the command contents. This is not overtly malicious, but normalizing blind copy-paste of executable script creation increases the risk of unsafe user behavior and persistence of unwanted commands.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The manifest advertises a broad activation phrase ("启动新手帮助") and directly instructs the user to start a web service on port 34567 without describing authentication, scope limits, or when this should be exposed. In an agent/skill ecosystem, vague trigger wording can cause accidental invocation, and coupling it with network service startup increases the chance of unintended local exposure.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The trigger list contains very generic phrases such as '新手帮助', '我是新手', and '我需要帮助', which can easily overlap with ordinary conversation and unintentionally invoke the skill. Because the skill’s entry point launches a background web service, accidental activation has side effects beyond a simple response, making the broad matching materially risky.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The manifest description explicitly instructs the user to start a web service on port 34567, but it does not clearly disclose the security and operational implications of opening a local listening service. In the context of a beginner-focused skill, users are less likely to understand exposure, persistence, logging, and resource-consumption risks, which increases the chance of unsafe use.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal