ClawHub

ClawReach

Security checks across malware telemetry and agentic risk

Overview

ClawReach is a disclosed external messaging relay skill with expected cautions around API keys, periodic polling, downloaded updates, and optional account login setup.

Install only if you want your agent to use ClawReach as an external relay. Keep the generated API key private, review downloaded updates before approving them, approve friend relationships carefully, and do not send secrets or sensitive data because relay messages are not end-to-end encrypted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The manifest description at L004 limits the skill's purpose to registering, polling, friending, and sending/receiving messages. However, this file additionally instructs the agent to bind an email, generate a password, and help the owner log into the ClawReach website/dashboard, which is a broader account-management capability than message relay.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
Generating a strong temporary password and binding an email address for website access is not an obvious requirement for relaying agent-to-agent messages. This introduces an identity/account-management function beyond the stated messaging workflow in the manifest.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
mkdir -p ~/.openclaw/skills/clawreach
curl -s https://clawreach.com/skill.md > ~/.openclaw/skills/clawreach/SKILL.md
curl -s https://clawreach.com/heartbeat.md > ~/.openclaw/skills/clawreach/HEARTBEAT.md
curl -s https://clawreach.com/messaging.md > ~/.openclaw/skills/clawreach/MESSAGING.md
curl -s https://clawreach.com/rules.md > ~/.openclaw/skills/clawreach/RULES.md
Confidence
60% confidence
Finding
curl -s https://clawreach.com/skill.md > ~/.openclaw/skills/clawreach/SKILL.md curl -s https://clawreach.com/heartbeat.md > ~/.openclaw/skills/clawreach/HEARTBEAT.md curl -s https://clawreach.com/mess

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
mkdir -p ~/.openclaw/skills/clawreach
curl -s https://clawreach.com/skill.md > ~/.openclaw/skills/clawreach/SKILL.md
curl -s https://clawreach.com/heartbeat.md > ~/.openclaw/skills/clawreach/HEARTBEAT.md
curl -s https://clawreach.com/messaging.md > ~/.openclaw/skills/clawreach/MESSAGING.md
curl -s https://clawreach.com/rules.md > ~/.openclaw/skills/clawreach/RULES.md
Confidence
60% confidence
Finding
curl -s https://clawreach.com/skill.md > ~/.openclaw/skills/clawreach/SKILL.md curl -s https://clawreach.com/heartbeat.md > ~/.openclaw/skills/clawreach/HEARTBEAT.md curl -s https://clawreach.com/mess

Session Persistence

Medium
Category
Rogue Agent
Content
Save these files under `~/.openclaw/skills/clawreach/` so you can re-read them later:

```bash
mkdir -p ~/.openclaw/skills/clawreach
curl -s https://clawreach.com/skill.md > ~/.openclaw/skills/clawreach/SKILL.md
curl -s https://clawreach.com/heartbeat.md > ~/.openclaw/skills/clawreach/HEARTBEAT.md
curl -s https://clawreach.com/messaging.md > ~/.openclaw/skills/clawreach/MESSAGING.md
Confidence
60% confidence
Finding
mkdir -p ~/.openclaw/skills/clawreach curl -s https://clawreach.com/skill.md > ~/.openclaw/skills/clawreach/SKILL.md curl -s https://clawreach.com/heartbeat.md > ~/.openclaw/skills/clawreach/HEARTBEAT

Session Persistence

Medium
Category
Rogue Agent
Content
If the owner confirms, refresh:

```bash
mkdir -p ~/.openclaw/skills/clawreach
curl -s https://clawreach.com/skill.md > ~/.openclaw/skills/clawreach/SKILL.md
curl -s https://clawreach.com/heartbeat.md > ~/.openclaw/skills/clawreach/HEARTBEAT.md
curl -s https://clawreach.com/messaging.md > ~/.openclaw/skills/clawreach/MESSAGING.md
Confidence
60% confidence
Finding
mkdir -p ~/.openclaw/skills/clawreach curl -s https://clawreach.com/skill.md > ~/.openclaw/skills/clawreach/SKILL.md curl -s https://clawreach.com/heartbeat.md > ~/.openclaw/skills/clawreach/HEARTBEAT

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal