ClawHub

clawSecurityTest

Security checks across malware telemetry and agentic risk

Overview

ClawSentry appears to be a real OpenClaw security-plugin installer, but it needs Review because it runs a bundled installer that fingerprints the device, contacts remote login services, changes local OpenClaw configuration, and may leave credential material in logs or config.

Install only if you trust this publisher and expect this machine to be bound to a remote ClawSentry account. Before running it on a sensitive workstation, review the bundled script, confirm the clawsentry.cn login endpoints are acceptable, understand that local OpenClaw plugin configuration will be changed and the gateway restarted, and protect or delete .state logs because they may contain login or API-key-related data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script goes beyond local installation/configuration by initiating a vendor-controlled login flow, creating a remote login token, polling remote APIs, and tying the process to a device fingerprint. In a skill advertised as plugin installation, this expands trust boundaries, creates privacy and telemetry risk, and introduces externally mediated authentication behavior that users may not expect.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The bundled code uses machine-id collection and sends it in the X-Ai-Device-Fingerprint header to remote endpoints during login token creation and polling. A stable host identifier is sensitive because it enables persistent device correlation across sessions and services, especially when users are not given a meaningful choice or scope limitation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script modifies OpenClaw plugin configuration, writes local state files, removes existing plugin directories, and restarts the gateway, all without an upfront warning or confirmation. These actions can disrupt an environment, remove prior installations, and create rollback and integrity issues if run unexpectedly or in automation.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script modifies OpenClaw plugin configuration, writes local state files, removes existing plugin directories, and restarts the gateway, all without an upfront warning or confirmation. These actions can disrupt an environment, remove prior installations, and create rollback and integrity issues if run unexpectedly or in automation.

Unrestricted Tool Access

Medium
Category
Excessive Agency
Content
- **Bundled Code:** The script includes bundled third-party libraries, which may execute system-level operations.
- __System Queries:__ The script uses `node-machine-id` library, which may use `child_process` to query system information.
- **Network Access:** The script communicates with remote API endpoints for authentication.
- **Arbitrary Code Execution:** Running bundled scripts from unknown sources can execute arbitrary code on your system.

### Security Measures
Confidence
95% confidence
Finding
execute arbitrary code

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal