Acpx Connection Troubleshooting

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate acpx troubleshooting guide, but it asks agents to inspect and rewrite local credential files without enough guardrails against exposing or overwriting secrets.

Install only if you want an agent to help troubleshoot acpx/OpenClaw Gateway credentials. Do not let it print or paste real API keys, app secrets, or gateway tokens; redact config output, back up existing files, and manually approve any write to ~/.openclaw/gateway.token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs users to write a gateway authentication token directly to a persistent file using shell redirection, but does not warn that this stores a sensitive secret on disk and may overwrite an existing token. In a troubleshooting context, this can lead to credential exposure via shell history, copy/paste leakage, backups, or accidental replacement of valid credentials.

Missing User Warnings

Medium
Confidence: 91%
Finding
The guide tells users to inspect ~/.claude/config.json, which contains API endpoint and API key material, but gives no warning about handling secrets safely. This increases the chance that users will expose credentials in terminal output, support chats, screenshots, or logs during troubleshooting.

VirusTotal

66/66 vendors flagged this skill as clean.
