ClawHub

jisuai-balance

Security checks across malware telemetry and agentic risk

Overview

The skill matches its advertised balance-check purpose, but it reads a local API key and sends it in a plain HTTP URL, which can expose the credential.

Review before installing. Only use this skill if you are comfortable with it reading your OpenClaw config and sending your JisuAI API key to the balance endpoint; preferably wait for a version that uses HTTPS, avoids URL query-string secrets, and asks before first credential use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The code identifies a provider configuration associated with an HTTPS service but then sends the recovered API key to a hardcoded plain-HTTP endpoint. This exposes the credential and response data to interception or modification by any attacker on the network path, enabling credential theft or response tampering.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly states it will read the user's local OpenClaw configuration to extract an API key, but it does not present a clear user-facing warning or consent boundary before accessing and transmitting that credential. Even if the purpose is legitimate balance checking, silently pulling a local secret and using it in a network request increases the risk of unintended credential disclosure and violates least-surprise expectations.

Missing User Warnings

High
Confidence
99% confidence
Finding
The documented balance query uses plain HTTP and places the API key directly in the URL query string, exposing the secret to interception by network attackers, proxies, logs, and browser/history-style request logging systems. Because API keys are credentials, transmitting them over an insecure channel can lead to account compromise, unauthorized usage, or abuse of the associated service.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The script appends the API key directly into the URL query string of an HTTP request, causing the secret to traverse the network unencrypted and potentially be logged by proxies, servers, or client tooling. Because this is a balance-check skill, the context does not justify weakening transport security for a sensitive credential.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal