ClawHub

Openclaw Snitch

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed security blocklist, but it persistently controls agent behavior and sends incident metadata to Telegram by default.

Install only if you deliberately want a persistent OpenClaw blocklist that can stop tool calls and alter agent bootstrap context. Before enabling it, review the default blocked terms, decide whether Telegram alerts are acceptable, set alertTelegram to false if external reporting is not wanted, restrict Telegram allowFrom recipients to trusted administrators, and document how to remove the hooks and reverse file lock-down.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The plugin exfiltrates security-event metadata to external Telegram recipients, including blocked tool name and potentially session/agent context, which goes beyond local enforcement and logging. Because recipients are derived from configured Telegram allowFrom IDs rather than a dedicated security sink, blocked attempts may be disclosed to unrelated parties and sent over an external channel without minimization or explicit consent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README explicitly states that Telegram alerts are broadcast to all `allowFrom` recipients, but it does not warn users what data may be included in those alerts or the privacy implications of sending session/tool metadata to third parties. In a security product, silent broadcasting of potentially sensitive operational details can create unintended data disclosure, especially in shared or regulated environments.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly advertises Telegram alert broadcasting but does not warn that blocked tool names, parameters, or message-derived content may be transmitted to external recipients. In a security tool, silent exfiltration to Telegram is especially risky because users may enable it without understanding the privacy, compliance, or data handling implications.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The alert message includes sessionKey and agentId and transmits them to Telegram recipients without any access-control check specific to incident reporting, notice to users, or data-classification guard. These identifiers can reveal internal topology, correlate user activity, or aid follow-on targeting if Telegram recipients or accounts are misconfigured or compromised.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal