Vault Enhancements w/ UI

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real API-key vault UI, but it handles high-value credentials while overstating how protected they are locally.

Install only on a trusted machine and treat the vault as a local permission-protected JSON secrets file, not proven encrypted storage. Back up openclaw.json and secrets.json before migration, verify the package matches the OpenClaw version you run, and use the auth-profile delete/reset controls carefully.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 87%
Finding
The UI asserts that the AI agent never sees keys, but this component explicitly accepts secret values via props such as addValue/edits and forwards them through callbacks like onAddValueChange, onEdit, and onSave. Even if the wider architecture intends to keep secrets away from the agent, this view proves secret material transits application state, so the claim is misleading and can cause unsafe trust assumptions by users and integrators.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The RPC surface for a secrets-management UI also exposes auth profile enumeration, reset, and deletion operations, which expands the skill's authority beyond the stated API-key vault behavior. This increases attack surface and creates an unexpected capability boundary break: any caller allowed to use this skill may be able to manipulate authentication profiles, not just manage stored secrets.

VirusTotal

66/66 vendors flagged this skill as clean.
