Potassium

Security checks across malware telemetry and agentic risk

Overview

This package is a coherent Infomaniak/OpenClaw integration with sensitive chat, mail, and drive capabilities that are disclosed and mostly conservative by default.

Install only if you intend to let OpenClaw access Infomaniak services through the configured token. Keep the default mutation block and selected kChat channel scope unless you deliberately need broader access, and treat responseMode "all" or websocketChannelScope "all" as organization-wide privacy decisions because they can send non-addressed channel messages to the agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The documentation explicitly supports a broad-ingestion mode via `responseMode: "all"`, which causes every accepted inbound kChat message to be dispatched to the agent, but it does not clearly warn that this may expose non-addressed user messages and sensitive channel content to automated processing. In a chat integration skill, that omission is security-relevant because operators may enable the mode for convenience without understanding the privacy and data-minimization consequences.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The `websocketChannelScope: "all"` option is documented as accepting posts from every visible kChat channel, but the text lacks a prominent privacy/security warning that this can expose all visible channel traffic to OpenClaw. In this skill context, that materially increases risk because the integration is designed to ingest and process message contents, so a misconfigured operator could unintentionally grant the agent broad access across internal conversations.

VirusTotal

60/60 vendors flagged this plugin as clean.