Calls the HTTP interfaces provided by JavaSkillController, so that OpenClaw/OpenLaw can perform business operations and health checks.

Security checks across malware telemetry and agentic risk

Overview

This skill openly calls a configured Java backend, but its broad submit/execute interface could trigger unclear business or legal actions without enough scoping or confirmation.

Install only if you control or trust the JAVA_API_URL backend. Treat execute and submit actions as potentially changing backend data, prefer HTTPS, avoid unnecessary personal or confidential fields, and require explicit confirmation before non-read-only operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill explicitly relies on environment access (`JAVA_API_URL`) and network access to send HTTP requests, yet no declared permissions are documented. This creates a trust and review gap: operators may approve or run the skill without realizing it can exfiltrate user-supplied data to any configured endpoint, including internal services, which increases SSRF-style and data handling risk in agent environments.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are broad enough to match ordinary user requests such as querying users, submitting data, or calling Java/OpenLaw interfaces, which can cause the skill to activate unexpectedly. Because this skill performs networked API execution, accidental invocation could send user-supplied data to the backend or trigger business actions without clear user intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The manifest explicitly defines a networked HTTP skill that accepts userId and arbitrary extra object data, but it does not disclose to users that their inputs may be transmitted to an external backend. This creates a privacy and consent risk, and in sensitive legal or business contexts the transmitted data may include personal or confidential information.

VirusTotal

65/65 vendors flagged this skill as clean.
