WuCai

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate WuCai integration, but it asks the user to share a sensitive token and can read or change private notes and diary data.

Install only if you want the agent to access your WuCai highlights, notes, clippings, and diary. Use a dedicated revocable WuCai OpenClaw token, prefer platform secret storage over ordinary chat when available, confirm the correct CN/EU/US region before use, and be careful with write actions such as updating notes, appending diary entries, changing status, or moving articles to trash.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill declares executable script usage and relies on environment-provided secrets and outbound API access, but does not explicitly declare corresponding permissions. That creates a transparency and policy-enforcement gap: a host may permit the skill under the assumption it is non-privileged, while it can still access tokens and send user data to a remote service. In a personal knowledge-base skill, this matters because queried highlights, diaries, and notes can be highly sensitive.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The README explicitly instructs users to paste an OpenClaw access token into the AI chat to complete setup, but does not clearly warn that this is a credential or explain how it will be stored, scoped, or protected. Supplying secrets through a conversational interface increases the risk of accidental disclosure in logs, transcripts, prompt context, or to other skills/components with access to chat history.

Natural-Language Policy Violations

Severity: Medium
Confidence: 76%
Finding
Forcing the assistant's reply language based solely on deployment region overrides user preference and can cause unintended disclosure or confusion, especially in multilingual contexts or when the user explicitly requested another language. This is primarily a safety and usability issue rather than a direct exploit primitive, but it can increase the chance of mishandling sensitive content if the user cannot accurately verify responses.

VirusTotal

65/65 vendors flagged this skill as clean.