MOCI — Memory-bound OpenClaw Identity

Security checks across malware telemetry and agentic risk

Overview

This skill is not obviously harmful, but it needs review because it creates persistent agent identity and authentication state with some sensitive flows that are under-scoped or inconsistent.

Review before installing. Use only if you are comfortable with persistent local identity files, memory-chain logs, key pins, gateway hooks, and trust-score effects under ~/.openclaw. Protect backups and exports, prefer keychains or secret managers over environment variables for passphrases, verify any recovery phrase prompt is part of a local import/export flow, and inspect or obtain the actual implementation before relying on it for authentication.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium (88% confidence)
Finding
The document contains contradictory guidance: it says the system never asks for the recovery phrase, yet the import flow requires the user to provide the mnemonic. Contradictions in recovery/secret-handling flows are dangerous because they train users to ignore phishing indicators and make social-engineering attacks more effective.

Vague Triggers

Medium (84% confidence)
Finding
The trigger description is extremely broad and can cause the skill to activate in many loosely related contexts involving identity, trust, provenance, or compliance. Over-broad auto-invocation increases the chance that sensitive identity operations are surfaced unexpectedly, exposing users to unintended file creation, secret prompts, export/import flows, or trust decisions.

Missing User Warnings

Medium (82% confidence)
Finding
The skill describes creating sensitive identity material on disk, including a device salt and encrypted identity state, without a prominent warning about backup, portability, and local compromise risks. Users may incorrectly assume these artifacts are safe by default or recoverable, leading to identity loss, cloning risk, or secret exposure if the host is shared or backed up insecurely.

Natural-Language Policy Violations

Low (77% confidence)
Finding
Recommending passphrase entry via environment variable without caution is risky because environment variables are often exposed through shell history, process listings, crash reports, CI logs, or orchestration metadata. In an identity system, leakage of the passphrase can directly compromise exported identity packages or encrypted local state.

Missing User Warnings

Low (84% confidence)
Finding
The key pinning logic uses trust-on-first-use and silently writes the initial pin file if none exists. In an identity/authentication skill, that means a compromised first run, malicious local environment, or attacker-controlled verify key can become permanently trusted without user awareness, undermining later signature verification and enabling persistent impersonation until repinning occurs.

VirusTotal

66/66 vendors flagged this skill as clean.
