api-key-auditor

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent API-key auditing tool, but its auto-fix mode can broaden secret exposure by writing discovered credentials into OpenClaw config without confirmation and may migrate keys it says should stay managed elsewhere.

Use the read-only audit mode first. Do not run `--fix` unless you have reviewed every finding, backed up `~/.openclaw/openclaw.json`, and are comfortable centralizing those secrets there. Be especially careful with mcporter-managed keys, because this version may copy them into OpenClaw config even though the documentation says they do not need migration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises behavior that reads environment/configuration data and can write to `openclaw.json`, yet no permissions are declared in the manifest. That mismatch weakens user awareness and policy enforcement, making a sensitive file-modifying skill appear less privileged than it actually is.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill reads and reasons about credentials from `~/.mcporter/mcporter.json`, which is outside the stated scope of auditing OpenClaw skills and `openclaw.json`. Accessing unrelated secret stores broadens the data-access surface and can expose or correlate credentials the user did not intend this skill to inspect.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill includes a `--fix` mode that writes discovered credentials into `~/.openclaw/openclaw.json`, a sensitive configuration file, but the documentation does not present a strong warning about the security and operational consequences of modifying it. Users may trigger automated migration without understanding that secrets are being centralized, persisted, and may affect runtime behavior after restart.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
With `--fix`, the script automatically writes discovered secrets into `openclaw.json` without any confirmation step, allowing bulk propagation of sensitive values into another persistent file. This can unintentionally expand secret exposure, overwrite intended boundaries, or normalize unsafe secret handling if the operator runs the tool on unreviewed content.

VirusTotal

66/66 vendors flagged this skill as clean.
