Back to skill

Security audit

Clawpet

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Telegram virtual pet game, but it should be reviewed before public use because its public server can expose and mutate user-linked pet data without authentication.

Install only if you are comfortable reviewing and operating a local web service. Do not expose it publicly until Telegram initData HMAC validation, stricter CORS/origin handling, safe HTML rendering, and clear data deletion/retention controls are added.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill declares no permissions, yet its documented behavior clearly depends on environment-backed secrets and runtime capabilities, most notably Telegram Mini App initData HMAC validation with a BOT_TOKEN. This creates a misleading trust boundary: operators may install it believing it only returns a link, while the documented setup and server behavior imply access to secrets and local execution context.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The description says the skill simply replies with a Telegram deep link, but the file documents substantially broader behavior: running a local HTTP server, exposing mutable API endpoints, storing per-user state on disk, generating image assets, and installing cross-runtime components. This mismatch is dangerous because reviewers and users may grant trust, deployment, or exposure based on a far narrower description than the actual attack surface.

Missing User Warnings

Low
Confidence
99% confidence
Finding
Diary lines returned from the backend are concatenated directly into innerHTML, so any malicious or compromised diary content can execute script in the Mini App context via DOM XSS. In this app, that could expose Telegram WebApp data, perform unwanted actions as the user, alter pet/social state, or trick users into sharing links.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The program persistently writes pet state to a dotfile in the user's home directory without any prior disclosure, consent prompt, or retention explanation. While the stored data is low sensitivity, undisclosed persistence can violate user expectations, create privacy concerns, and become more dangerous in agent/skill contexts where users may not realize local files are being modified.

Session Persistence

Medium
Category
Rogue Agent
Content
```
3. (Opsiyonel) **Named tunnel** (URL kalıcı, viral patlama için kritik):
   ```bash
   cloudflared tunnel create openclaw-pet
   cloudflared tunnel route dns openclaw-pet pet.<your-domain>
   cloudflared tunnel run openclaw-pet
   ```
Confidence
84% confidence
Finding
create openclaw-pet cloudflared tunnel route dns openclaw-pet pet.<your-domain> cloudflared tunnel run openclaw-pet ``` ## Cross-Platform Install ```bash ./install.sh # her iki runti

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.