ClawHub

Verify Matrix device

Security checks across malware telemetry and agentic risk

Overview

This skill does the Matrix device trust repair it advertises, but it handles sensitive Matrix credentials and can change device trust on the account.

Install only if you intend to repair Matrix device trust for the selected account. Check the homeserver, Matrix user ID, and target device ID before running, and enter recovery keys, passwords, or access tokens only when you trust the terminal session and understand that the resulting device signature changes account trust state.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script exposes two alternate modes that accept an arbitrary Matrix user ID plus either an access token or password, which extends the skill beyond the declared scope of verifying a single OpenClaw-managed account. In an agent environment, this enables use of user-supplied third-party credentials for account operations, increasing the risk of credential misuse and unauthorized actions against non-managed accounts.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script includes a password-based login flow that creates a new authenticated session, which expands the skill beyond verifying the currently active device using an existing token. In this skill context, collecting a password and minting a helper access token increases credential exposure and session-management risk, especially because a fresh login may create an additional device/session contrary to the stated narrow purpose.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The exported password-based entrypoint allows the caller to supply an arbitrary targetDeviceId, so the skill can sign devices other than the active OpenClaw-managed one. That broadens authority from a narrowly scoped repair action to a general device-verification capability for the account, which could be abused to bless unintended or attacker-controlled devices if the caller is compromised or misled.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
The header comment claims the script does not create a helper device, but the password flow performs a fresh login that may establish a temporary helper session/device. This mismatch is security-relevant because operators may trust the tool under a false assumption about its side effects, reducing scrutiny around credential handling and account changes.

Credential Access

High
Category
Privilege Escalation
Content
- `--user-id` pre-fills the Matrix user ID in access-token mode or password mode
- `--device-id` pre-fills the target device ID in password mode
- `--openclaw-json` overrides the default config path
- `--access-token` bypasses `openclaw.json` and uses a Matrix user + access token flow
- `--direct` and `-t` are compatibility aliases for `--access-token`
- `--password` or `-p` logs in with the Matrix password, signs the specified target device ID, then logs out the temporary helper session
Confidence
77% confidence
Finding
access token

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal