ZeroTier Remote Web Access

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real remote-access helper, but it opens the OpenClaw admin gateway broadly and weakens authentication settings.

Install only if you intentionally want remote administrative web access and understand the exposure. Before running it, prefer binding only to the ZeroTier IP or firewalling port 1880 to the ZeroTier network, keep authentication protections enabled where possible, do not share the token, and be ready to restore the backed-up OpenClaw config if the gateway is disrupted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

High
Confidence: 96%
Finding
The skill explicitly instructs users to rebind the gateway to 0.0.0.0, exposing it on all interfaces rather than limiting access to the ZeroTier address. In this context, that broadens exposure beyond the intended overlay network and, combined with later weakened auth settings, materially increases the chance of unauthorized remote access.

Missing User Warnings

Critical
Confidence: 99%
Finding
The configuration example sets allowInsecureAuth to true and dangerouslyDisableDeviceAuth to true, which disables important protections while also exposing the service remotely. In a remote web-access skill, this is especially dangerous because it normalizes insecure defaults that can permit interception, bypassed trust checks, or unauthorized device access.

Missing User Warnings

Medium
Confidence: 87%
Finding
The script overwrites the OpenClaw configuration and kills/restarts the gateway without any confirmation, backup validation, or explicit acknowledgement from the operator. In an agent or automation context, this can cause unintended service disruption or unexpected configuration changes, especially if invoked in the wrong environment or with an unexpected HOME path.

VirusTotal

66/66 vendors flagged this skill as clean.
