ClawHub

EdgeOps

Security checks across malware telemetry and agentic risk

Overview

This EdgeOps ops plugin is coherent and disclosed, but it can use an EdgeOps token to inspect hosts and operate SSH sessions, so it should only be installed where that authority is intended.

Install only if you trust this publisher and want OpenClaw to route EdgeOps operations through this plugin. Use a least-privilege EdgeOps token, prefer secret or environment references over plaintext config, keep prompt hooks and local shell blocking enabled only where desired, and close SSH channels after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The manifest explicitly states that the plugin injects routing hints and can intercept local shell calls to EdgeOps, but it does not define clear activation boundaries, matching rules, or user-consent semantics in the manifest itself. In an ops plugin with SSH/session tools and bearer-token access, vague interception/injection behavior can unexpectedly alter model behavior, redirect actions, or block/reshape local commands in ways users may not anticipate.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The `blockLocalEdgeOpsExec` setting says exec/PowerShell/curl calls to configured EdgeOps HTTP are intercepted, but it does not specify precise matching logic, exclusions, or safeguards for legitimate local workflows. This ambiguity can cause overbroad blocking, bypass confusion, or coercion into plugin-mediated network paths that use stored tokens and privileged APIs.

VirusTotal

63/63 vendors flagged this plugin as clean.

View on VirusTotal