OpenClaw Doc Finder

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real OpenClaw documentation helper, but it has review-worthy side effects: silent script execution, persistent lookup logging, and unsafe secret-handling examples.

Install only after reviewing the side effects. Treat this as a documentation helper that may fetch OpenClaw docs, run a bundled version-sync script, cache fetched pages, and save your lookup questions. Avoid including secrets, internal hostnames, or incident details in questions unless you are comfortable with local retention. When following its troubleshooting snippets, do not share raw terminal output, redact tokens/API keys, prefer localhost unless remote exposure is intentional, and secure any .env files with restricted permissions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Severity: Medium. Confidence: 95%.
The skill is presented as a documentation lookup tool, but it instructs the agent to invoke shell commands as a fallback using curl piped into python3 for HTML processing. Introducing command execution for a read-only lookup task expands the attack surface unnecessarily and can enable command injection, SSRF, or unsafe handling of attacker-influenced URLs if any part of the URL or path becomes user-controlled.

Intent-Code Divergence

Severity: Medium. Confidence: 89%.
The skill claims it should not be used for execution-oriented tasks, yet later requires normal operation to perform filesystem writes and optional script execution. This contradiction can mislead reviewers and users about the skill's actual behavior, reducing informed consent and increasing the likelihood that side effects occur unexpectedly.

Missing User Warnings

Severity: Medium. Confidence: 93%.
The pipeline mandates automatic caching of fetched documents and recording of user questions and conclusions into local files, but it does not clearly warn users that their queries will be retained. This creates a privacy and data-governance risk, especially if queries contain sensitive operational details, tokens, internal hostnames, or troubleshooting context.

Missing User Warnings

Severity: Medium. Confidence: 87%.
The guide includes commands to display sensitive values such as the gateway auth token and shows API key environment variable examples, but it does not warn users against exposing secrets in terminals, logs, screenshots, shell history, or shared config files. In documentation for operational infrastructure, omission of secret-handling guidance can lead to credential leakage and unauthorized access.

Missing User Warnings

Severity: Medium. Confidence: 94%.
The documentation instructs users to set the gateway host to 0.0.0.0, which exposes the service on all network interfaces, and it references remote access scenarios without any warning about firewalling, TLS, or access restrictions. If users apply this blindly, they may unintentionally publish an authenticated service to untrusted networks, increasing the risk of probing, brute force, token theft impact, or remote compromise of connected functionality.

Missing User Warnings

Severity: Medium. Confidence: 92%.
The guide tells users to inspect provider configuration, environment variables, and loaded secrets using commands like `env | grep -i api` and `openclaw secrets list`, but it does not warn that these outputs may expose live credentials in terminal history, logs, screenshots, or shared troubleshooting sessions. In a troubleshooting document, this creates a realistic risk of accidental credential disclosure even though the content is not overtly malicious.

Missing User Warnings

Severity: Medium. Confidence: 95%.
The document instructs users to append an API key directly into `~/.openclaw/.env` using a shell command, which risks exposing the secret through shell history, process monitoring, backups, and misconfigured file permissions. Although common in setup docs, embedding live secrets in command lines without secure-handling guidance is an unsafe practice.

VirusTotal

65/65 vendors reported this skill as clean.