Hippius Storage
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: hippius
Version: 1.0.1

The skill bundle is classified as suspicious because of a shell injection vulnerability in `scripts/query_storage.py`. The script builds `aws s3` command lines for `subprocess.run` by interpolating the `bucket` and `prefix` command-line arguments directly into the command string, with no validation or quoting. An attacker who controls those inputs can append arbitrary shell commands and obtain remote code execution (RCE) on the host running the script. Because the injected commands inherit the script's environment, they run with the `HIPPIUS_S3_ACCESS_KEY` and `HIPPIUS_S3_SECRET_KEY` variables available, so the credentials can be exfiltrated or used for unauthorized storage operations.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the local config or seed phrase is exposed, an attacker could access or control the user's Hippius account and the storage operations tied to it.
The skill documents storing Hippius API credentials and an optional blockchain seed phrase locally. That is sensitive account authority; a seed phrase in particular is equivalent to the account's private key. The behaviour is disclosed and tied to Hippius CLI use.
Config stored at `~/.hippius/config.json` ... `hippius config set hippius hippius_key "your_hippius_key"` ... `hippius config set substrate seed_phrase "your twelve word mnemonic"`
Prefer scoped S3/API keys where possible, avoid entering a seed phrase unless it is truly required, protect the config file (restrictive file permissions, no copies in shared or synced locations), and revoke or rotate any credentials that may have been exposed.
A mistaken command could upload unintended local files, overwrite/download data to the wrong place, or delete objects from Hippius storage.
The documented AWS CLI workflows can bulk-upload/sync or delete storage objects. This is expected for a storage-management skill, but wrong paths or buckets could change user data.
`aws ... s3 sync ./local-dir/ s3://my-bucket/remote-dir/` ... `aws ... s3 rm s3://my-bucket/file.txt`
Approve only specific bucket names, prefixes, and local paths; require extra confirmation before sync, overwrite, or delete operations.
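To make the overview's shell-injection finding and the destructive-operation guidance above concrete, here is an added example that is not the skill's `scripts/query_storage.py` and not code from the Hippius project. It puts the vulnerable pattern (caller input interpolated into a shell string) beside a hardened one (validated inputs, an argv list with no shell, an approved-bucket list, and a confirmation step before `sync`/`cp`/`mv`/`rm`). Assumptions made for the example: the bucket allow-list and the confirmation callback are hypothetical, the demo calls substitute `echo` for the `aws` binary so the code runs offline and shows exactly what the shell or the process loader received, and the bucket-name rule is the AWS S3 naming rule, assumed to apply to Hippius' S3-compatible endpoint as well.

```python
import re
import subprocess
from typing import Callable

# Illustrative reconstruction of the pattern described in the overview; this is
# not the skill's scripts/query_storage.py.  Demo calls pass binary="echo" in
# place of "aws" so the example runs offline and prints exactly what the shell
# (unsafe path) or the process loader (safe path) received.

# Hypothetical allow-list of buckets the user has approved (made-up names).
APPROVED_BUCKETS = {"my-bucket", "team-archive"}
# Sub-commands that can overwrite or remove data and therefore need confirmation.
DESTRUCTIVE_OPS = {"sync", "cp", "mv", "rm"}
# AWS S3 bucket naming rule (3-63 chars, lowercase alphanumerics, dots, hyphens,
# alphanumeric at both ends); assumed to hold for Hippius' S3-compatible endpoint.
BUCKET_RE = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")


def build_command_unsafe(bucket: str, prefix: str, binary: str = "aws") -> str:
    """Vulnerable shape: caller input interpolated into one command string."""
    return f"{binary} s3 ls s3://{bucket}/{prefix}"


def run_unsafe(bucket: str, prefix: str, binary: str = "aws") -> subprocess.CompletedProcess:
    """shell=True hands the string to /bin/sh, so ';', '&&', '|', '$(...)' or
    backticks inside bucket/prefix start attacker-chosen commands.  Those run
    with this process's environment, HIPPIUS_S3_* credentials included."""
    cmd = build_command_unsafe(bucket, prefix, binary)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True)


def run_argv_unvalidated(bucket: str, prefix: str, binary: str = "echo") -> subprocess.CompletedProcess:
    """Argv list without a shell: the same payload survives as one literal token
    and no second command runs.  That closes the injection, but a wrong or
    unapproved bucket still goes through, hence the validation below."""
    argv = [binary, "s3", "ls", f"s3://{bucket}/{prefix}"]
    return subprocess.run(argv, capture_output=True, text=True)


def validate_bucket(bucket: str) -> str:
    if not BUCKET_RE.fullmatch(bucket):
        raise ValueError(f"invalid bucket name: {bucket!r}")
    if bucket not in APPROVED_BUCKETS:
        raise ValueError(f"bucket not approved: {bucket!r}")
    return bucket


def validate_prefix(prefix: str) -> str:
    # No shell quoting is needed on the argv path; still reject control
    # characters, absolute paths and '..' segments that would mangle the S3 URI.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in prefix):
        raise ValueError(f"control character in prefix: {prefix!r}")
    if prefix.startswith("/") or ".." in prefix.split("/"):
        raise ValueError(f"unsafe prefix: {prefix!r}")
    return prefix


def build_argv(op: str, bucket: str, prefix: str, binary: str = "aws") -> list[str]:
    """Hardened shape: validated inputs placed into an argv list, never a shell string."""
    uri = f"s3://{validate_bucket(bucket)}/{validate_prefix(prefix)}"
    return [binary, "s3", op, uri]


def run_safe(op: str, bucket: str, prefix: str, binary: str = "aws",
             confirm: Callable[[str], bool] = lambda _cmd: False) -> subprocess.CompletedProcess:
    """Validates, refuses destructive sub-commands unless confirm() approves the
    exact command line, then runs without a shell."""
    argv = build_argv(op, bucket, prefix, binary)
    if op in DESTRUCTIVE_OPS and not confirm(" ".join(argv)):
        raise PermissionError(f"{op} on {argv[-1]} was not confirmed")
    return subprocess.run(argv, capture_output=True, text=True, check=True)


if __name__ == "__main__":
    payload = "my-bucket; echo INJECTED #"   # constructed attacker-controlled bucket value
    print("unsafe:", run_unsafe(payload, "data", binary="echo").stdout.splitlines())
    print("argv only:", run_argv_unvalidated(payload, "data").stdout.splitlines())
    try:
        run_safe("ls", payload, "data", binary="echo")
    except ValueError as err:
        print("rejected:", err)
    print("safe:", run_safe("ls", "my-bucket", "data", binary="echo").stdout.strip())
```

With the `echo` stand-in, the unsafe path prints two lines, the second of which came from the injected `echo INJECTED`; the argv path prints the whole payload as one harmless token; the hardened path refuses the payload before anything executes. If a shell string cannot be avoided, `shlex.quote()` on each interpolated value is the fallback, but an argv list plus validation is the simpler and safer fix.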
Installing the optional CLI runs third-party package code in the user's Python environment.
The skill documents an optional third-party Python package install with no version pin, so it resolves to whatever version the package index serves at install time. It is not automatic and is relevant to the Hippius CLI, but it still carries the usual package-provenance risk.
The Installation section of SKILL.md reads:

```bash
pip install hippius
```
Install optional packages in a virtual environment, verify the package source, and pin versions where practical.
Account addresses and requested RPC queries could be visible to network observers when using the default RPC URL.
The helper script sends RPC account/file/credit queries to a default HTTP endpoint. This is purpose-aligned, but HTTP transport can expose query metadata to the network path.
`def rpc_call(method: str, params: list, api_url: str = "http://api.hippius.io")`
Use an HTTPS RPC endpoint if Hippius provides one, and avoid querying sensitive account or file metadata over untrusted networks; if only HTTP is available, treat the account addresses and file identifiers in those queries as visible to anyone on the network path.
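The following is an added example, not the skill's helper and not Hippius code, of how a function with the quoted `rpc_call` shape can refuse plain HTTP by default while keeping the same call signature. Assumed for the example: the HTTPS endpoint `https://api.hippius.io` (the page only quotes the HTTP URL, so confirm Hippius actually serves HTTPS there), a JSON-RPC 2.0 request body, the method name `get_credits`, the fake address in the demo call, and the offline `FakeOpener` that stands in for `urllib.request.urlopen`.

```python
import io
import json
import urllib.request
from urllib.parse import urlparse

# Hardened variant of the rpc_call() signature quoted in the finding.  Added
# example, not the skill's helper: the HTTPS URL, the JSON-RPC 2.0 body shape,
# the method name and the canned reply below are assumptions made for this demo.
DEFAULT_API_URL = "https://api.hippius.io"   # assumed HTTPS counterpart; confirm it is served


def check_api_url(api_url: str, allow_insecure: bool = False) -> str:
    """Accept https; accept http only with an explicit opt-in; reject anything else."""
    parsed = urlparse(api_url)
    if parsed.scheme == "https" and parsed.netloc:
        return api_url
    if parsed.scheme == "http" and parsed.netloc and allow_insecure:
        return api_url
    raise ValueError(f"refusing RPC endpoint {api_url!r}: use https:// or pass allow_insecure=True")


def build_request(method: str, params: list, request_id: int = 1) -> bytes:
    """JSON-RPC 2.0 body (assumed wire format for this example)."""
    return json.dumps({"jsonrpc": "2.0", "id": request_id,
                       "method": method, "params": params}).encode()


def rpc_call(method: str, params: list, api_url: str = DEFAULT_API_URL, *,
             allow_insecure: bool = False, timeout: float = 10.0,
             opener=urllib.request.urlopen) -> dict:
    """The scheme check runs before any socket is opened, so an http:// URL
    that slipped into a config can no longer leak the query.  On https, urllib
    verifies the server certificate by default; that is the other half of the
    protection and should not be disabled."""
    url = check_api_url(api_url, allow_insecure)
    req = urllib.request.Request(url, data=build_request(method, params),
                                 headers={"Content-Type": "application/json"}, method="POST")
    with opener(req, timeout=timeout) as resp:
        return json.load(resp)


class FakeOpener:
    """Offline stand-in for urlopen used in the demo: records the URL it was
    given and answers with a constructed JSON-RPC reply."""
    def __init__(self):
        self.urls = []

    def __call__(self, req, timeout=None):
        self.urls.append(req.full_url)
        body = json.loads(req.data)
        reply = {"jsonrpc": "2.0", "id": body["id"], "result": {"credits": 42}}
        return io.BytesIO(json.dumps(reply).encode())


if __name__ == "__main__":
    fake = FakeOpener()
    print(rpc_call("get_credits", ["5FakeAddressForDemo"], opener=fake))
    try:
        rpc_call("get_credits", ["5FakeAddressForDemo"], api_url="http://api.hippius.io", opener=fake)
    except ValueError as err:
        print("blocked:", err)
    print("URLs actually contacted:", fake.urls)
```

The `opener` parameter exists only so the transport can be swapped for the offline fake; in real use the default `urllib.request.urlopen` is kept and the scheme check still runs first, so the HTTP endpoint from the finding is never contacted unless the caller opts in explicitly.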
