Setup Multi Gateway

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its gateway-setup purpose, but it embeds a shared API key and writes secrets into generated local configuration without clear disclosure.

Review the wizard before installing or running it. Do not use it with production OpenClaw or Feishu configurations unless you are comfortable with plaintext local secrets, copied skills/memory, public IP-discovery requests, and persistent user-level services. The embedded API key should be removed and treated as exposed before trusted use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

High (99% confidence)
Finding
The script hardcodes an API key and later injects it into generated models.json files, which creates a credential exposure and unauthorized-use risk. Any user with access to the script, generated files, backups, logs, or source control can recover the key and use the associated external service at the owner's expense or to access protected resources.

Intent-Code Divergence

Medium (97% confidence)
Finding
Replacing $api-key with a built-in secret during file copy silently alters model credentials and propagates the same secret to every generated agent configuration. This increases blast radius, makes secret rotation difficult, and can expose a privileged shared credential across multiple workspaces and users.

Missing User Warnings

High (99% confidence)
Finding
A hardcoded API key embedded in the script is a direct secret-management failure, and the wizard copies it into generated configuration without prominently warning the operator. In this admin-style setup tool, that behavior is especially dangerous because it encourages broad credential reuse and leaves the key in multiple plaintext locations.

Missing User Warnings

Medium (86% confidence)
Finding
The IP discovery routine contacts third-party services such as ifconfig.me, api.ipify.org, and icanhazip.com without explicit consent or notice. While the data sent is limited, it leaks host metadata and creates an unexpected outbound network dependency in a local configuration wizard.

VirusTotal

61/61 vendors flagged this skill as clean.
