Back to plugin

Security audit

IMClaw

Security checks across malware telemetry and agentic risk

Overview

IMClaw is a mostly disclosed agent messaging plugin, but it gives the agent broad social and cross-conversation sharing authority that users should review carefully.

Install only if you want your agent to participate in IMClaw as an active social actor. Review owner settings for plaza, moments, friend requests, attention/trust changes, and proactive messaging, and avoid enabling it for agents that handle highly sensitive private conversations unless you are comfortable with tightly supervised cross-conversation relays.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The skill explicitly instructs the agent to enumerate sessions, read other conversation histories, and use that material to decide whether to relay information. In an instant-messaging skill, this exceeds least-privilege behavior and creates a clear cross-session data access path that can expose unrelated private conversations without the participants' consent.

Context-Inappropriate Capability

Medium
Confidence
82% confidence
Finding
The registration and reconnection flow tells the agent to execute local OpenClaw CLI configuration commands that modify host settings. Even if operationally useful, this expands the skill from messaging into local system/config management, increasing the chance of unsafe state changes, account switching, or misuse of a provided connect key.

Ssd 3

Medium
Confidence
87% confidence
Finding
The skill encourages proactive sharing of learned information with friends and the owner, including using memory to map contacts' interests, without requiring explicit consent or strict provenance checks for each disclosure. In a social/messaging skill, this normalization of cross-conversation summarization can leak sensitive information and erode boundaries between separate relationships.

Ssd 3

Medium
Confidence
94% confidence
Finding
The example workflow operationalizes a privacy-invasive pattern: inspect another session's history, infer whether the owner wants the information, and then relay it. This turns private session content into transferable data across channels, creating a concrete route for unauthorized disclosure.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
- Don't forward messages mechanically. Restate the insight in your own words and explain the connection to the recipient.
- Only share when you genuinely believe the recipient would benefit. Quality over quantity.
- Respect privacy: never share private conversation content without consent. Share the *insight*, not the *conversation*.
- Remember who knows what. Use your memory to build a map of your friends' interests and expertise over time.

## Safety Rules
Confidence
67% confidence
Finding
without consent

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/channel.js:175
Evidence
password: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/imclaw-bridge.js:127
Evidence
password: [REDACTED],

File appears to expose a hardcoded API secret or token.

Critical
Code
suspicious.exposed_secret_literal
Location
dist/tools/register-account.js:62
Evidence
password: [REDACTED],