ClawHub

Acpx Bridge Troubleshooting Guide

Security checks across malware telemetry and agentic risk

Overview

This troubleshooting skill fits its stated purpose, but it handles gateway tokens, Feishu secrets, and local agent configuration in ways that could leak credentials or overwrite a user's setup.

Review carefully before installing. Back up ~/.acpx/config.json and ~/.openclaw files, do not use or share the published token example, protect Feishu app secrets, avoid sharing diagnostic output, set restrictive permissions on any token file, and confirm that restarting Gateway or globally updating acpx will not disrupt active work.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The skill embeds a concrete gateway token value in an example command, which normalizes handling credentials in plaintext and may leak a real or reusable secret if copied from production material. Even if intended as a sample, publishing credential-like values in troubleshooting content is unsafe because users may paste them into logs, shell history, or shared docs.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The script prints the first 10 characters of the gateway token to stdout during troubleshooting. Even partial credential disclosure can aid token identification, correlation across logs/screenshots, and accidental leakage through terminal history, CI logs, screen sharing, or support transcripts. In a troubleshooting skill context, this is more dangerous because users are likely to paste output into chats or tickets.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The instructions create a sensitive token file and later restart services, but do not warn about overwriting an existing token, file permissions, shell history exposure, or service disruption. In an operational troubleshooting guide, these omissions can cause credential leakage or accidental outage during remediation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The multi-account examples include app secrets inline in commands and configuration snippets without cautioning that command-line arguments may be exposed via shell history, process listings, screenshots, or copied configs. Because this is credential configuration material, the surrounding context makes secret-handling hygiene especially important.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide instructs users to write a gateway token directly to ~/.openclaw/gateway.token but does not warn that this is a sensitive secret, recommend restrictive file permissions, or caution against exposing it via shell history, logs, screenshots, or shared environments. While creating a token file may be operationally necessary, omitting basic secret-handling guidance increases the risk of credential disclosure and unauthorized access to the gateway.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Showing even a masked prefix of a secret is still sensitive disclosure, especially in diagnostic output intended to be shared for support. The script provides no warning and no opt-in before exposing token material, increasing the chance of unintentional credential leakage to other users, logs, or external systems.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script copies a bearer token from one config file into a separate credential file, increasing credential exposure and persistence without setting restrictive file permissions or warning the user. This can broaden the attack surface because additional plaintext secret files are easier to leak via backups, misconfigured permissions, shell tooling, or later support/debug actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal