deprecated ignore

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed hosted voice bridge that sends transcripts and agent replies through hotbutter.ai and runs the local OpenClaw agent as documented.

Install only if you are comfortable with spoken transcripts and agent responses passing through hotbutter.ai, or configure `--relay-url` to use a relay you control. Avoid sessions where the local agent may print secrets, and remove or protect `~/.hotbutter` if you do not want the optional email/config retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 93% confidence
Finding
The script collects an email address and persists it to ~/.hotbutter immediately, but it does not clearly warn the user that this data will be stored locally or discuss retention/privacy implications. While the field is optional and the value is not highly sensitive by itself, unexpected persistence of personal data can create privacy and consent issues, especially on shared systems or in environments with weak home-directory protections.

Missing User Warnings

Medium, 96% confidence
Finding
The tool forwards user-spoken text from the voice interface to a remote relay/browser service and then to an agent bridge, but it does not present an explicit privacy notice at the point of use. Users may reasonably not understand that their speech content is leaving the local machine and being processed by external services, which can expose sensitive conversations, credentials, or personal data.

VirusTotal

66/66 vendors flagged this skill as clean.
