ClawHub

Openclaw Ticket Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent ticket-creation helper, but it uses browser automation with a logged-in corporate account and customer screenshot data, so users should review before submitting.

Install only if you intend the assistant to use your browser session to create tickets in the internal system. Review the extracted customer, UID, handler, platform, and problem description before replying to submit, and avoid providing screenshots that contain unrelated sensitive information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The guide instructs the agent to extract and retain the current logged-in account from the ticketing system, then reuse it to populate a later form field. That expands the skill from screenshot analysis and ticket creation into collection and persistence of identity data, creating unnecessary data handling and a scope-creep risk if the account is reused, exposed in logs, or applied to the wrong ticket.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger phrases are generic requests such as '帮我创建一个工单' and '提个工单', which can easily overlap with normal conversation and cause the skill to activate unexpectedly. In this skill's context, unexpected activation is more dangerous because the documented workflow includes analyzing screenshots and then using browser automation to create and submit a real ticket in an internal system.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README states that the skill will automatically open the ticket system, fill the form, and create a ticket, but it does not clearly warn that this results in submission of extracted screenshot data into an external/internal operational system. This is risky because users may provide screenshots containing sensitive customer or employee information without realizing the skill will transfer that data into a live system via browser automation.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly requires silent processing while handling customer-service screenshots, extracting customer identity details, and interacting with a ticketing system. That reduces transparency around privacy-sensitive data use and can cause users to unknowingly disclose or process personal, customer, or account information without clear notice, review, or informed consent beyond limited checkpoints.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instructions tell the agent to record the logged-in account for later use without any notice about collection, retention, or handling of that personal/work identity data. In a support and ticketing workflow, this makes the issue more sensitive because the account may identify an employee and could be retained in agent memory, logs, or downstream systems without user awareness.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal