Moltbook Firewall

Security checks across malware telemetry and agentic risk

Overview

This is a coherent defensive scanning skill, but it keeps a local preview of scanned text that users should account for.

Use this as a local best-effort firewall, not a complete security boundary. Before installing, know that scanned text can be retained in ~/.openclaw/workspace/data/firewall-log.jsonl, so avoid scanning secrets unless you are comfortable with local retention, and periodically clear or disable that log if needed. Also verify jq is installed and expect occasional false positives from regex-based detection.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium
Confidence: 96%
Finding
The script persists a preview of scanned content to a local JSONL log file, which can include user-supplied sensitive data such as credentials, prompts, or other confidential text. For a security-scanning skill, retaining the scanned payload expands the trust boundary and creates an avoidable disclosure and retention risk if the host account, workspace, or logs are later accessed.

Intent-Code Divergence

Low
Confidence: 88%
Finding
The implementation stores a content preview despite the surrounding comment implying a simpler scan log. This mismatch can mislead operators about what data is retained and increases the chance that sensitive user input is stored unexpectedly.

Missing User Warnings

Medium
Confidence: 95%
Finding
User-provided content is written to a persistent file without any warning, consent flow, or visible disclosure. Because this tool is intended to scan potentially malicious or sensitive text before processing, silent persistence can capture secrets and private content that users reasonably expect to be inspected transiently, not stored.

Ssd 3

Medium
Confidence: 97%
Finding
Automatically logging natural-language input creates a data retention and secondary leakage channel for exactly the kind of sensitive text this firewall is supposed to protect against. Even a 500-byte preview may capture API keys, credentials, internal prompts, or personally sensitive content, and the cumulative JSONL file becomes an attractive target.

VirusTotal

66/66 vendors flagged this skill as clean.
