
Security audit

Clawbrain Boost

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because it routes OpenClaw through a third-party provider and advertises automatic long-term memory without enough privacy, consent, or secret-handling detail.

Install only if you intentionally want OpenClaw's default model traffic routed to the named third-party provider. Before use, confirm the provider's privacy and billing terms, protect and rotate the API key if exposed, and look for clear controls to inspect, disable, or delete any stored memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill is marketed as a memory/quality/write-assist enhancement, but the actionable content instead instructs users to replace their model configuration with a third-party hosted provider and obtain a paid external API key. This is dangerous because it changes the trust boundary, routes prompts and data to an external service, and may mislead users into installing what is effectively a provider switch rather than a local capability add-on.

Missing User Warnings

High
Confidence: 96%
Finding
The skill claims automatic memory extraction, identity updates, source-linked memory, and daily consolidation, but provides no privacy notice, consent flow, retention policy, or data control details. In context, this is especially risky because the same document also redirects users to an external API provider, increasing the chance that sensitive conversational data and inferred personal information are processed or stored by a third party without informed consent.

Missing User Warnings

Medium
Confidence: 88%
Finding
The instructions tell users to paste an API key into a local configuration file but do not warn that the credential is sensitive, should not be committed to source control, and should be protected with appropriate file permissions or secret-management practices. This can lead to credential leakage through backups, logs, screenshots, or repository commits, enabling unauthorized use of the account and data exposure via the linked provider.

VirusTotal

64/64 vendors flagged this skill as clean.
