RTK Rewrite

Security checks across malware telemetry and agentic risk

Overview

This plugin appears to do what it says, but it can automatically change shell commands before they run and can optionally store command text in local logs.

Install only if you intentionally want RTK to rewrite OpenClaw exec commands automatically. Review the installed rtk tool and its rewrite rules, keep audit logging disabled unless needed, and avoid enabling verbose or audit logging around commands that may contain tokens, credentials, private paths, or proprietary operational details.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The README explicitly describes transparent interception of `exec` tool calls and execution of rewritten shell commands, but it does not clearly warn users that commands may be modified before execution. In an agent setting, silent command transformation changes the trust boundary: users may believe one command is being run while another is actually executed, which can lead to unexpected side effects or abuse if the rewrite engine is compromised or misconfigured.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill explicitly supports writing audit logs of intercepted exec command rewrites, which can persist sensitive command content, file paths, tokens, or operational context to disk. Even if intended for debugging or compliance, documenting this behavior without a clear warning about data persistence, storage location, and retention increases the risk of accidental exposure on shared systems or through later log collection.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
When audit mode is enabled, the plugin writes both original and rewritten commands to disk, which can expose sensitive shell input such as credentials, tokens, internal paths, or proprietary commands. The audit path can also be influenced by configuration or environment, and the code creates directories and appends logs without any sanitization, redaction, permission hardening, or clear consent flow.

VirusTotal

65/65 vendors flagged this skill as clean.