ClawHub

dssb

Security checks across malware telemetry and agentic risk

Overview

This looks like a real ClawSentry installer, but it handles and stores login credentials, changes OpenClaw configuration, and runs a background polling flow that deserves review before installation.

Install only if you trust the ClawSentry service and the external @omni-shield OpenClaw plugin package. Expect remote account authorization, local credential storage, credential-bearing logs under .state, automatic OpenClaw plugin configuration changes, and a gateway restart. Use a controlled environment for sensitive OpenClaw instances and remove or protect poll_login.log and login_state.json after setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script does substantially more than local plugin installation: it generates remote login tokens, polls a remote identity API, and writes returned credentials into the local OpenClaw plugin config. This expands the trust boundary from local setup to ongoing credential exchange with a hardcoded external service, which is risky for an installer skill and can expose users to credential capture, unwanted enrollment, or remote account linkage.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The code creates and persists a device identifier, hashes it for use as a fingerprint header, and stores login state in a local .state directory. For a skill advertised as plugin installation/configuration, this persistent tracking behavior is not obviously necessary and creates privacy and correlation risks across runs and accounts.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script prints the login URL containing the login token, stores login state including the token, and logs full API responses during polling. These artifacts may expose sensitive authentication material or linked account data to local users, log readers, or other processes, enabling unauthorized access or session hijacking.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal