Corpus RAG & KG Search

Security checks across malware telemetry and agentic risk

Overview

This search plugin appears purpose-aligned, but its setup code can expose API credentials in clear text and stores them locally without clear safeguards.

Install only if you trust the publisher and the configured API service. Do not run setup in shared or logged terminals unless secrets are masked, review ~/.openclaw/openclaw.json permissions after configuration, and avoid sending passwords, tokens, or private text in search queries unless that API is approved for the data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Severity: Medium
Confidence: 98%
Finding: The interactive setup collects sensitive values such as apiKey and dataAuthKey, then prints them back to stdout in a configuration summary. Secrets shown on the terminal can be exposed through screen sharing, terminal logging, shell history capture tools, CI logs, or other local monitoring, making credential disclosure likely in real-world use.

Missing User Warnings

Severity: High
Confidence: 99%
Finding: These lines explicitly print apiKey and dataAuthKey in cleartext after setup completes. This creates an immediate disclosure channel for credentials to anyone with access to the terminal session or logs, and it is especially risky because the wizard presents itself as normal setup behavior.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The setup persists API credentials to ~/.openclaw/openclaw.json without any notice about secret-at-rest handling, file permissions, or safer storage alternatives. While local config storage is sometimes necessary, silently writing secrets to disk increases the chance of later compromise from backups, multi-user systems, weak permissions, or accidental exfiltration.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding: The tool sends `params.userQuery` to a remote HTTP endpoint built from runtime/registration configuration, but this file provides no user-facing disclosure, consent mechanism, or minimization controls before transmitting potentially sensitive user input. In a RAG/search tool, user queries can easily contain secrets, personal data, or proprietary text, so silent forwarding to an external service creates a real privacy and data-handling risk.

VirusTotal

61/61 vendors flagged this plugin as clean.