ClawHub

ClawGlassOS (Even G2)

Security checks across malware telemetry and agentic risk

Overview

This plugin is mostly a coherent smart-glasses chat bridge, but it gives every admitted glasses message command-capable status and can log raw message text and device identifiers on an error path.

Review before installing. Use a strong shared token, keep dmPolicy on allowlist or pairing, bind the WebSocket only to a trusted interface or private network, and avoid enabling Azure STT unless sending captured audio to that provider is acceptable. The maintainer should gate CommandAuthorized behind explicit command consent and redact message text/device IDs from logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The code unconditionally sets `CommandAuthorized: true` for every inbound WebView message, even though admission policy only checks sender/channel identity and not whether the user explicitly authorized tool or command execution. In an agent runtime, this can cause ordinary chat text from a device to be treated as command-capable input, increasing the chance of unintended tool use, side effects, or privileged actions if downstream components trust this flag.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
On runtime misconfiguration, the warning log includes `deviceId` and raw `text`, which the comments themselves identify as PII-bearing and user-generated. If logs are centrally aggregated or accessible to operators, this leaks sensitive conversation content and identifiers during an error path, potentially violating privacy expectations and expanding exposure beyond the intended channel.

VirusTotal

60/60 vendors flagged this plugin as clean.

View on VirusTotal