WebClaw

Security checks across malware telemetry and agentic risk

Overview

WebClaw appears to be a legitimate dashboard skill, but it needs review because installation and runtime actions can make sudo-level web server and service changes.

Install only on a server where you are comfortable letting this skill manage nginx, systemd services, SSL certificates, and web dashboard users. Back up nginx configuration first, verify the fetched GitHub tag/source, restrict OpenClaw access to trusted administrators, avoid passing chosen passwords on the command line, and treat session/config listings as admin-only operational data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (9)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The file implements Telegram-invoked administrative actions including user management, session clearing, SSL changes, and service restarts, which materially exceed the stated UI-focused skill description. This capability mismatch is dangerous because it expands remote administrative reach and may bypass user expectations, review scope, or deployment controls.

Context-Inappropriate Capability

High
Confidence
93% confidence
Finding
The script can restart system services via sudo from an agent-facing management entrypoint. In the context of a web dashboard skill, this is a high-risk administrative capability that could be abused to disrupt service, aid persistence, or mask other changes if the invoking channel is compromised.

Context-Inappropriate Capability

High
Confidence
94% confidence
Finding
The script obtains and renews certificates and rewrites nginx configuration via privileged commands. Even with hostname validation, this grants infrastructure-level control well beyond ordinary dashboard management and could be abused to alter network exposure, break availability, or reconfigure the host if the agent path is misused.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The activation triggers are broad and include many generic admin/web terms, which increases the chance the skill is invoked in situations outside its intended scope. Because this skill can manage users, passwords, SSL, sessions, and services, accidental invocation could lead to unintended administrative changes or disclosure of sensitive system state.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill exposes destructive administrative actions such as disabling users, clearing sessions, resetting passwords, and restarting services without explicit warnings about operational impact. In an admin dashboard context, these actions can immediately disrupt access, lock out users, or cause outages if triggered casually or through ambiguous user requests.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The reset-password action accepts a plaintext password through a command-line argument, which can be exposed through shell history, process listings, orchestration logs, or audit trails. That leaks credentials to other local users or monitoring systems and is especially unsafe in automated agent-driven environments.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The install script performs privileged, system-wide changes to nginx and systemd and enables persistent services without any interactive confirmation or explicit opt-in. In an agent/skill ecosystem where installation may be triggered indirectly, this increases the risk of unexpected host reconfiguration and persistence beyond what a user intended.

Session Persistence

Medium
Category
Rogue Agent
Content
# Enable and start
sudo systemctl daemon-reload
sudo systemctl enable webclaw-api webclaw-web
sudo systemctl restart webclaw-api webclaw-web

# Wait for services to start
Confidence
95% confidence
Finding
systemctl enable

Tool Parameter Abuse

High
Category
Tool Misuse
Content
"$NGINX_CONF" > "$TEMP_CONF"
    sudo cp "$TEMP_CONF" /etc/nginx/sites-enabled/webclaw
    rm -f "$TEMP_CONF"
    sudo rm -f /etc/nginx/sites-enabled/default 2>/dev/null || true

    if sudo nginx -t 2>/dev/null; then
        sudo systemctl reload nginx
Confidence
96% confidence
Finding
rm -f /etc/nginx/sites-enabled/default 2>/dev/

VirusTotal

66/66 vendors flagged this skill as clean.
