ClawHub

Nimo AI Glasses

Security checks across malware telemetry and agentic risk

Overview

This skill likely does what it claims, but its installer and pairing flow can expose an OpenClaw gateway and pairing secret to the network with weak/default protection.

Review before installing. Prefer localhost-only binding unless you intentionally need remote access, set a strong unique gateway token, protect the gateway with firewall or reverse-proxy controls, remove the active link code from unauthenticated health responses, and understand where provider API keys are stored before running deploy.sh.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script explicitly sets `gateway.bind lan`, which exposes the OpenClaw gateway beyond localhost. In this skill context, the script also enables generic chat APIs and plugin endpoints, so a user running it on a VPS may unintentionally publish an AI gateway to the network with only a static token for protection.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The script enables `gateway.http.endpoints.chatCompletions.enabled true`, which exposes a generic chat completions API unrelated to the narrowly described smart-glasses pairing/chat workflow. This broadens the attack surface and may allow the deployment to be used as a general-purpose AI endpoint rather than only the plugin-specific functionality.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The README explicitly documents that the current pairing link code is exposed via GET /nimo/health while also stating that gateway auth is not required for plugin routes. Because the link code is the only secret needed to obtain a long-lived session token, any party with network access to the gateway can fetch the code and immediately pair, resulting in unauthorized access to the chat interface.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script persists provider API keys into OpenClaw configuration via `openclaw config set env.*`, but provides no warning about credential storage location, permissions, or lifecycle. On shared hosts or poorly secured systems, stored secrets may be readable by other processes or inadvertently backed up, increasing the risk of credential disclosure and billing abuse.

Missing User Warnings

High
Confidence
97% confidence
Finding
The script exposes the gateway on a LAN/public interface without a clear warning or informed consent step, even though it is intended to run on a VPS. In practice this can make multiple APIs reachable from the network immediately after deployment, which is especially risky because the default token is weak and predictable.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script automatically starts the gateway service and prints public endpoint URLs, but does not clearly warn that it is launching a network-accessible API service. This can lead users to expose services unintentionally, especially in a copy-paste deployment workflow on Internet-reachable VPS instances.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal