VPS Openclaw Security Hardening

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate VPS hardening skill, but it needs review because it makes high-impact root SSH and firewall changes and can forward security telemetry to external alert services when configured.

Install only on a disposable or dedicated VPS where you can tolerate SSH/firewall disruption. Keep an existing SSH session open, verify the chosen SSH port is reachable before applying firewall rules, review/fix the installer and missing files first, and enable Telegram/webhook reporting only if that third-party service is acceptable for your security logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill advertises and instructs shell-based system modification but does not declare corresponding permissions. This creates a transparency and trust problem: users or orchestrators may not realize the skill can execute privileged host commands affecting SSH, firewall, packages, and services. In a security-hardening skill, hidden shell capability is especially sensitive because it is expected to make broad system changes.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script resets and enables the firewall immediately, changing network access on a live VPS without an explicit confirmation step right before the disruptive action. In this context, a mistake in the allowed SSH port, an unset variable, or a service not listening as expected can lock the operator out of the server, causing operational denial of service.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends a weekly security report to Telegram, a third-party service, without any minimization, sanitization, or explicit operator acknowledgement in the script flow. Because the report includes audit events, failed SSH attempts, and firewall status, it may expose sensitive operational and security telemetry outside the host, which is especially relevant in a hardening skill where logs can contain attacker-controlled content and infrastructure details.

External Transmission

Medium
Category
Data Exfiltration
Content
local method="${WEBHOOK_METHOD:-POST}"
    
    curl -s -X "$method" "$WEBHOOK_URL" \
        -H "Content-Type: application/json" \
        -d "{\"alert\": \"$message\", \"timestamp\": \"$(date -Iseconds)\"}" \
        --max-time 10 \
Confidence
83% confidence
Finding
curl -s -X "$method" "$WEBHOOK_URL" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
return 0
    fi
    
    curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
        -d "chat_id=${TELEGRAM_CHAT_ID}" \
        -d "parse_mode=Markdown" \
        -d "text=${report}" \
Confidence
84% confidence
Finding
curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \ -d "chat_id=${TELEGRAM_CHAT_ID}" \ -d "parse_mode=Markdown" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
return 0
    fi
    
    curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
        -d "chat_id=${TELEGRAM_CHAT_ID}" \
        -d "parse_mode=Markdown" \
        -d "text=${report}" \
Confidence
84% confidence
Finding
https://api.telegram.org/

External Transmission

Medium
Category
Data Exfiltration
Content
if [ -f "$ALERT_CONFIG" ]; then
    source "$ALERT_CONFIG"
    if [ -n "$TELEGRAM_BOT_TOKEN" ] && [ -n "$TELEGRAM_CHAT_ID" ]; then
        curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
            -d chat_id="${TELEGRAM_CHAT_ID}" \
            -d text="$(cat $REPORT_FILE | head -100)" \
            -d parse_mode="HTML" 2>/dev/null
Confidence
90% confidence
Finding
curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \ -d chat_id="${TELEGRAM_CHAT_ID}" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
if [ -f "$ALERT_CONFIG" ]; then
    source "$ALERT_CONFIG"
    if [ -n "$TELEGRAM_BOT_TOKEN" ] && [ -n "$TELEGRAM_CHAT_ID" ]; then
        curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
            -d chat_id="${TELEGRAM_CHAT_ID}" \
            -d text="$(cat $REPORT_FILE | head -100)" \
            -d parse_mode="HTML" 2>/dev/null
Confidence
90% confidence
Finding
https://api.telegram.org/

VirusTotal

66/66 vendors flagged this skill as clean.
