Claw Loudyai Skill

Security checks across malware telemetry and agentic risk

Overview

The skill is coherent Loudy.ai task automation, but users should be careful with its optional cron setup, installer script, and separate Binance skill recommendation.

Keep LOUDY_API_KEY in an environment variable, review pool IDs and task links before submitting, prefer installing from the reviewed package instead of running the curl|bash installer, do not run install.sh where you have local changes, enable cron only if you intentionally want ongoing polling, and separately vet any Binance/X posting skill before installing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation describes use of environment variables, outbound API access, workspace file I/O, and shell-based cron setup, but the metadata only declares an environment variable requirement and omits explicit permissions/capability declarations for network and shell behavior. This weakens transparency and reviewability, making it easier for users or platforms to underestimate what the skill can do.

Description-Behavior Mismatch

Medium
Confidence
87% confidence
Finding
The script embeds operational guidance to install and run an external Binance Twitter/X posting skill, which expands behavior beyond the declared scope of interacting only with the Loudy.ai API. This creates a supply-chain and unsafe-delegation risk because users may execute unreviewed third-party code and perform social-media actions not disclosed by this skill's manifest.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The installer unconditionally deletes an existing `loudy-ai-auto-task` directory with `rm -rf` before cloning, without prompting the user, creating a backup, or verifying the directory contents. This can destroy local modifications, configuration, or unrelated data if the path is reused or unexpectedly populated, especially because the script is intended to run with elevated permissions in a system skills directory.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# Method 1: use the workspace install path (recommended)
SKILL_DIR="/root/.openclaw/workspace/skills/claw-loudyai-skill"
(crontab -l 2>/dev/null; echo "*/5 * * * * $SKILL_DIR/scripts/cron_check.sh") | crontab -

# Method 2: if installed to the system path
(crontab -l 2>/dev/null; echo "*/5 * * * * /usr/lib/node_modules/openclaw/skills/loudy-ai-auto-task/scripts/cron_check.sh") | crontab -
```
Confidence
94% confidence
Finding
crontab -l

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
(crontab -l 2>/dev/null; echo "*/5 * * * * $SKILL_DIR/scripts/cron_check.sh") | crontab -

# Method 2: if installed to the system path
(crontab -l 2>/dev/null; echo "*/5 * * * * /usr/lib/node_modules/openclaw/skills/loudy-ai-auto-task/scripts/cron_check.sh") | crontab -
```

### 3. Configure Heartbeat notifications (optional)
Confidence
94% confidence
Finding
crontab -l

VirusTotal

66/66 vendors flagged this skill as clean.
