OnlyBots Farcaster Channel Engagement

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it posts and replies in a Farcaster channel using user-provided credentials and optional scheduled automation.

Install it only if you want this agent to publish and reply publicly from the configured Farcaster account. Before enabling cron, review the channel, schedules, replyProbability and maxRepliesPerRun settings; prefer a dedicated, revocable signer so the automation can be cut off without rotating your main credentials; and run the teardown script whenever you want the automation to stop.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The skill sets up cron jobs that autonomously post and reply from the user's account, but its warning is understated and does not clearly foreground that this creates ongoing public activity under the user's identity. That is a consent and account-safety risk: a user may enable automation without appreciating the reputational impact, unintended spam, or platform policy violations that scheduled posts and replies can cause. The skill's context makes this more serious because its primary purpose is public social posting, so the automation acts directly on a real external identity.
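The practical check a user should run before enabling cron is to bound how much public activity the settings named above can generate per day. The following is an added example, not code from the skill or from SkillSpector; the configuration fields (`schedule` as a five-field crontab line, `postsPerRun`, `replyProbability`, `maxRepliesPerRun`) are assumptions modelled on the settings the report lists, and the review threshold is arbitrary.

```python
import re
from typing import Dict, List

# Constructed example configuration. The field names are assumptions modelled
# on the settings the report names; the skill's real schema is not on the page.
EXAMPLE_CONFIG: Dict[str, object] = {
    "channel": "onlybots",
    "schedule": "*/30 * * * *",   # crontab-style: minute hour dom month dow
    "postsPerRun": 1,
    "replyProbability": 0.5,
    "maxRepliesPerRun": 3,
}


def _matches_in_field(field: str, size: int) -> int:
    """Count how many values in range(size) a crontab field matches.

    Supports '*', '*/N', a single number, and comma lists of those. Anything
    else (ranges, names) is rejected so we never silently underestimate.
    """
    total = 0
    for part in field.split(","):
        if part == "*":
            total += size
        elif re.fullmatch(r"\*/\d+", part):
            step = int(part[2:])
            if step <= 0:
                raise ValueError(f"bad step in cron field: {part}")
            total += len(range(0, size, step))
        elif re.fullmatch(r"\d+", part):
            if int(part) >= size:
                raise ValueError(f"cron value out of range: {part}")
            total += 1
        else:
            raise ValueError(f"unsupported cron field syntax: {part}")
    return total


def runs_per_day(schedule: str) -> int:
    """Firings per day for a 5-field schedule whose day fields are all '*'.

    For daily schedules the count is exactly minute-matches x hour-matches.
    """
    fields = schedule.split()
    if len(fields) != 5:
        raise ValueError("expected 5 crontab fields")
    minute, hour, dom, month, dow = fields
    if (dom, month, dow) != ("*", "*", "*"):
        raise ValueError("only daily schedules (dom/month/dow == '*') are supported")
    return _matches_in_field(minute, 60) * _matches_in_field(hour, 24)


def daily_activity(cfg: Dict[str, object]) -> Dict[str, float]:
    """Expected and worst-case public actions per day under the account's identity."""
    runs = runs_per_day(str(cfg["schedule"]))
    posts = runs * int(cfg.get("postsPerRun", 1))
    max_replies = runs * int(cfg["maxRepliesPerRun"])
    expected_replies = max_replies * float(cfg["replyProbability"])
    return {
        "runs": runs,
        "posts": posts,
        "worst_case_replies": max_replies,
        "expected_replies": expected_replies,
        "worst_case_total": posts + max_replies,
    }


def review_before_enabling(cfg: Dict[str, object], max_daily_actions: int = 50) -> List[str]:
    """Return the warnings a user should acknowledge before turning on cron."""
    act = daily_activity(cfg)
    warnings = [
        f"Enabling cron will publish up to {act['worst_case_total']:.0f} public actions per day "
        f"({act['posts']:.0f} posts, up to {act['worst_case_replies']:.0f} replies) "
        f"from the configured account in channel '{cfg['channel']}'."
    ]
    if act["worst_case_total"] > max_daily_actions:
        warnings.append(
            f"Worst-case volume exceeds the review threshold of {max_daily_actions}/day; "
            "lower the schedule frequency or maxRepliesPerRun, or use a dedicated revocable signer."
        )
    p = float(cfg["replyProbability"])
    if not 0.0 <= p <= 1.0:
        warnings.append("replyProbability must be within [0, 1].")
    return warnings


if __name__ == "__main__":
    for line in review_before_enabling(EXAMPLE_CONFIG):
        print("WARNING:", line)
```

The worst-case figure (every run posts and hits maxRepliesPerRun) is the number to show the user, since replyProbability only lowers the expectation, not the bound. Schedules with non-daily day fields are rejected rather than guessed at, which is the safe direction for a consent check.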

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The script passes OPENCLAW_GATEWAY_TOKEN to a subprocess on the command line via --token. Command-line arguments are visible to other processes on the host (process listings such as ps, /proc/<pid>/cmdline), to the shell history of any wrapper that invokes the script, and to audit logs and crash or debug output that record the command. This is a local setup script and not overtly malicious, but command-line arguments are a weaker secret-handling channel than environment variables (readable only by the same user) or stdin (not recorded at all).
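To make the exposure concrete, the added example below (not the skill's script or the gateway CLI it calls) spawns a stand-in child process three ways and has the child report what it received. Only in the first case does the secret appear in the child's argv, which is exactly what a process listing or a crash dump would capture. The token value and the GATEWAY_TOKEN variable name are constructed placeholders.

```python
import json
import os
import subprocess
import sys

# Constructed placeholder; not a real credential.
EXAMPLE_TOKEN = "example-gateway-token-not-a-real-secret"

# Stand-in child (an assumption, not the skill's real gateway CLI). Its argv is
# what `ps`, /proc/<pid>/cmdline and crash reports show; on Linux the
# environment is only readable by the same user, and stdin is never recorded.
CHILD = """
import json, os, sys
print(json.dumps({
    "argv": sys.argv[1:],
    "token_from_env": os.environ.get("GATEWAY_TOKEN", ""),
    "token_from_stdin": sys.stdin.readline().strip(),
}))
"""


def _run(argv, **kwargs):
    """Launch the stand-in child and return its self-report as a dict."""
    res = subprocess.run([sys.executable, "-c", CHILD, *argv],
                         capture_output=True, text=True, check=True, **kwargs)
    return json.loads(res.stdout)


def launch_with_token_in_argv(token: str) -> dict:
    """The pattern the finding describes: the secret rides on the command line."""
    return _run(["--token", token], stdin=subprocess.DEVNULL)


def launch_with_token_in_env(token: str) -> dict:
    """Hardened: hand the secret over through an environment variable."""
    env = dict(os.environ, GATEWAY_TOKEN=token)
    return _run([], env=env, stdin=subprocess.DEVNULL)


def launch_with_token_on_stdin(token: str) -> dict:
    """Hardened: pipe the secret over stdin; nothing about it is recorded."""
    return _run(["--token-stdin"], input=token + "\n")


def token_visible_in_argv(report: dict, token: str) -> bool:
    """Would a process listing of the child reveal the secret?"""
    return any(token in arg for arg in report["argv"])


if __name__ == "__main__":
    for name, fn in [("argv", launch_with_token_in_argv),
                     ("env", launch_with_token_in_env),
                     ("stdin", launch_with_token_on_stdin)]:
        report = fn(EXAMPLE_TOKEN)
        leaked = token_visible_in_argv(report, EXAMPLE_TOKEN)
        print(f"{name:5s} visible in argv: {leaked}")
```

Of the two hardened variants, stdin is the stronger choice when the child supports it, because an environment variable is still inherited by any further subprocess the child spawns and can end up in a core dump; whichever is used, the dedicated revocable signer recommended above limits the blast radius if the token does leak.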

VirusTotal

64/64 vendors reported this skill as clean (no detections).