Chatgpt Consultation

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent ChatGPT-consultation purpose, but it can automatically send user questions through a logged-in browser session and contains an unsafe shell-command path using user-controlled text.

Review carefully before installing. Use only with non-sensitive questions, prefer a dedicated browser profile if you use it at all, and avoid running the included script until the shell command is replaced with safe argument passing and the missing helper/config files are included for review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 94%
Finding
The skill executes local shell commands (`openclaw browser start` and `node scripts/auto_chatgpt.js ...`) to fulfill a consultation request, which gives it unnecessary command-execution capability relative to its stated purpose. More importantly, the second command interpolates user-controlled prompt text into a shell command string, creating a command injection risk if the question contains shell metacharacters or quote-breaking input.

Vague Triggers

Medium
Confidence: 91%
Finding
The automatic trigger conditions are broad enough to activate on many ordinary requests, including cases where the user did not explicitly consent to sending their prompt to an external service. In this skill, automatic invocation is especially risky because the workflow routes content through a browser-connected ChatGPT session, which can expose sensitive user data and produce unintended external actions.

Missing User Warnings

High
Confidence: 97%
Finding
The skill describes automatically consulting ChatGPT through the user's existing browser session but does not clearly warn that user content may be transmitted to a third-party service and linked to that logged-in account. Because it uses an existing Chrome session, the privacy risk is elevated: prompts may contain confidential data, and actions may occur within an authenticated context without fully informed consent.

Missing User Warnings

Medium
Confidence: 89%
Finding
The agent sends the user's question to an external ChatGPT automation flow without explicit consent, disclosure, or data-classification checks. This can leak sensitive prompts, internal information, credentials, or personal data to third-party services, especially because the tool is framed as routine assistance rather than external transmission.

VirusTotal

65/65 vendors flagged this skill as clean.
