OpenClaw Guide in Ukrainian: Complete Handbook

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only Ukrainian OpenClaw setup guide; it describes powerful integrations, but the behavior is visible and aligned with its purpose.

Install only if you want a Ukrainian OpenClaw reference guide. Before following its examples, keep bot tokens and API keys out of commits, use least-privilege bot scopes, start with exec set to ask, keep gateways bound to loopback where possible, and install plugins only from publishers you trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 84%
Finding
The guide encourages connecting external messaging platforms and storing bot tokens, but it does not clearly disclose that user messages, metadata, and possibly attachments may be transmitted to third-party services and model providers. In a setup guide for an AI agent that bridges chats to tools and models, this omission can mislead users into enabling integrations without understanding privacy and data-handling risks.

Missing User Warnings

Medium
Confidence: 94%
Finding
The plugin section promotes installing third-party plugins that can register tools, channels, webhooks, and HTTP routes, which materially expands the agent's attack surface and may enable arbitrary code execution or remote exposure. Without a strong warning about trust boundaries, permissions, review, and supply-chain risk, users may install untrusted extensions that can access data, execute commands, or expose services.

VirusTotal

64/64 vendors flagged this skill as clean.
