Mqtt Client

Security checks across malware telemetry and agentic risk

Overview

This MQTT skill appears purpose-aligned, but it silently writes persistent OpenClaw configuration when imported and weakens TLS certificate verification for broker connections.

Install only if you are comfortable with the skill modifying `~/.openclaw/openclaw.json` and using MQTT broker credentials. Review that file after installation, restrict subscriptions and publish rights to specific topics instead of `#`, and avoid using credentialed TLS connections until certificate verification is configured safely.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 83%
Finding: The skill documentation clearly indicates use of environment variables for broker address, username, and password, but no explicit permissions declaration is present. In a permissioned agent ecosystem, undeclared access to environment data is risky because it can expose secrets or grant capabilities users did not knowingly approve.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 90%
Finding: The documented behavior exceeds the stated purpose by including automatic modification of `~/.openclaw/openclaw.json`, trigger-based automation, and active health ping/pong traffic. Undisclosed file writes and autonomous behavior are dangerous because they change local system state and network behavior in ways a user may not expect from a 'client' library.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding: The module performs host filesystem mutation by creating or updating `~/.openclaw/openclaw.json`, and this behavior is tied to library import rather than an explicit setup action. Side effects on import are dangerous because any consumer that merely loads the module unexpectedly changes local state, which can violate least surprise, alter host configuration, and create persistence-like behavior beyond the stated MQTT client purpose.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding: The code automatically mutates host configuration during import by calling `autoSetupConfig()` in the background. This is unjustified for a client library and can surprise downstream applications, especially in environments where simply requiring a module should not create files or alter persistent user settings.

Vague Triggers

Severity: Medium
Confidence: 74%
Finding: The skill is positioned as a universal client for arbitrary MQTT automation and even defaults to broad subscription patterns like '#', which can enable very wide data collection and reactive behavior. In MQTT environments that bridge home automation, IoT, or inter-instance communications, broad scope increases the blast radius for accidental overreach, data exposure, or unsafe automations.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The documentation states that the skill automatically creates configuration in `~/.openclaw/openclaw.json`, but this side effect is not prominently disclosed up front. Silent or poorly signposted local file modification is risky because it can persist settings, change runtime behavior, and surprise users who expected a non-mutating integration skill.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The module silently creates or rewrites user configuration during import without a clear warning at the point of action. Silent persistent changes reduce transparency and can be abused or simply cause unsafe deployment outcomes in automation systems that load third-party skills opportunistically.

VirusTotal

63/63 vendors flagged this skill as clean.
