GigaChat (Sber AI) Proxy

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a genuine GigaChat proxy helper, but its scripts fall back to disabling TLS certificate verification when the Sber CA is absent, overwrite the OpenClaw configuration without asking, and kill whatever holds port 8443 without checking what it is.

Review before installing. Use this only if you are comfortable auditing the scripts, installing or configuring the Sber CA so TLS verification stays enabled, checking port 8443 ownership before startup, and reviewing the OpenClaw config changes before applying them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The documentation instructs users to run a config-patching script and elsewhere to kill whatever is bound to port 8443, but it does not prominently warn about side effects such as overwriting configuration, disrupting unrelated services, or terminating the wrong process. In a skill-install context, users may paste commands without understanding impact, making this an unsafe operational pattern.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The script overwrites the user's OpenClaw configuration unconditionally, creating a backup first but offering no prompt, dry run, or opt-in confirmation. In a skill-installation context, silently changing the active config can redirect model traffic, break existing settings, or introduce unexpected trust boundaries, especially since it points the provider at a localhost proxy service.

Missing User Warnings

Severity: Low
Confidence: 92%
Finding
The setup script installs a Python package automatically during execution without any prior disclosure, prompt, or pinning of the dependency version. This is risky because installation executes code from an external package supply chain, and users may not realize that running the skill setup performs a network fetch and trust decision on their behalf.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The script unconditionally kills the PID stored in a file and also terminates whatever process is listening on port 8443, including using kill -9 in one branch, without verifying ownership, command name, or asking for confirmation. In an agent skill context, this can disrupt unrelated local services or kill the wrong process if the PID file is stale or attacker-influenced, creating a denial-of-service condition on the host.
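The checks this finding says are missing, written out as an added example rather than the skill's own stop/start script. Port 8443 and the PID-file pattern come from the finding; the PID file path, the expected command name, and the use of lsof or ss for the port lookup are assumptions, so set PID_FILE and EXPECTED_COMM to match the real proxy before using it.

```shell
#!/bin/sh
# Added example: verify before killing. Not the skill's own script.
# Assumptions (not from the page): PID file path, expected command name, and that
# lsof or ss is available for the port lookup. Port 8443 is from the finding above.
set -u

PROXY_PORT="${PROXY_PORT:-8443}"
PID_FILE="${PID_FILE:-${HOME:-/tmp}/.gigachat-proxy.pid}"   # assumed path
EXPECTED_COMM="${EXPECTED_COMM:-gigachat-proxy}"             # assumed command name

# proc_comm PID -> command name of PID (empty if it does not exist or cannot be read)
proc_comm() {
  if [ -r "/proc/$1/comm" ]; then
    cat "/proc/$1/comm"
  else
    ps -p "$1" -o comm= 2>/dev/null
  fi
}

# is_our_process PID EXPECTED -> succeeds only if PID is a plain positive integer, alive,
# signalable by us, and its command name matches EXPECTED. A stale or tampered PID file
# (empty, "-1", "1 2", a process that has been recycled) fails one of these steps.
is_our_process() {
  pid="$1"; expected="$2"
  case "$pid" in ''|0|*[!0-9]*) return 1 ;; esac   # 0 would signal the whole process group
  kill -0 "$pid" 2>/dev/null || return 1           # dead, or owned by another user (EPERM)
  comm="$(proc_comm "$pid")"
  [ -n "$comm" ] && [ "$(basename "$comm")" = "$expected" ]
}

# listener_pid PORT -> PID of the process listening on PORT (empty if none, or no tool)
listener_pid() {
  if command -v lsof >/dev/null 2>&1; then
    lsof -t -iTCP:"$1" -sTCP:LISTEN 2>/dev/null | head -n 1
  elif command -v ss >/dev/null 2>&1; then
    ss -ltnp "sport = :$1" 2>/dev/null | sed -n 's/.*pid=\([0-9]*\).*/\1/p' | head -n 1
  fi
}

# check_port_free -> before startup, report who holds the port instead of killing it.
check_port_free() {
  owner="$(listener_pid "$PROXY_PORT")"
  if [ -n "$owner" ]; then
    echo "port $PROXY_PORT is held by pid $owner ($(proc_comm "$owner")); not starting" >&2
    return 1
  fi
  return 0
}

# stop_proxy -> SIGTERM only a process we can prove is ours. Deliberately no kill -9
# fallback: a process that ignores SIGTERM is for the operator to inspect, not to force.
stop_proxy() {
  [ -f "$PID_FILE" ] || { echo "no PID file at $PID_FILE; nothing to stop" >&2; return 0; }
  pid="$(tr -d '[:space:]' < "$PID_FILE")"
  if ! is_our_process "$pid" "$EXPECTED_COMM"; then
    echo "refusing to kill '$pid': stale PID file or command is not $EXPECTED_COMM" >&2
    return 2
  fi
  kill -TERM "$pid" && rm -f "$PID_FILE"
}
```

The ownership check is the important part: a PID file is just a number written by whoever last ran the script, and on a busy host that number is reused, so the command name has to be re-verified at kill time. Refusing to start when the port is taken is cheaper and safer than clearing it; if the previous proxy really is the holder, stop_proxy will remove it through the verified path.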

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The script explicitly disables TLS certificate verification whenever a specific CA file is absent by setting GIGACHAT_VERIFY_SSL_CERTS=false. That permits man-in-the-middle interception of API traffic and credential theft, especially because this skill handles authentication material for an AI proxy.
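The fail-closed form of the three setup steps flagged above (the unconditional config overwrite, the unpinned package install, and the TLS fallback), as an added example rather than the skill's own setup script. GIGACHAT_VERIFY_SSL_CERTS and port 8443 come from the findings; the CA file location, the GIGACHAT_CA_BUNDLE_FILE variable name (the SDK's ca_bundle_file setting, which you should verify against the SDK version you install), the config being a single file, and all function names are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed setup helpers. Not the skill's own script.
# Assumptions (not from the page): the CA bundle location in SBER_CA, that the SDK reads
# GIGACHAT_CA_BUNDLE_FILE for the CA path (check your SDK version), and that the OpenClaw
# config is one file. GIGACHAT_VERIFY_SSL_CERTS is the variable named in the finding.
set -u

SBER_CA="${SBER_CA:-${HOME:-/tmp}/.config/sber/russian_trusted_root_ca.pem}"  # assumed path

# tls_env CA_PATH -> prints export lines that keep verification ON; fails if the CA is
# missing. The flagged pattern this replaces:
#   [ -f "$CA" ] || export GIGACHAT_VERIFY_SSL_CERTS=false
tls_env() {
  ca="$1"
  if [ ! -r "$ca" ]; then
    echo "CA bundle not readable at $ca; install the Sber CA instead of disabling verification" >&2
    return 1
  fi
  printf 'export GIGACHAT_VERIFY_SSL_CERTS=true\n'
  printf 'export GIGACHAT_CA_BUNDLE_FILE="%s"\n' "$ca"
}

# require_pinned REQ... -> every requirement must be name==version, so the installer
# never resolves "latest" on the user's behalf.
require_pinned() {
  for req in "$@"; do
    case "$req" in
      *==*) ;;
      *) echo "dependency '$req' is not pinned (use name==version)" >&2; return 1 ;;
    esac
  done
  return 0
}

# apply_config CURRENT PROPOSED [--yes] -> shows the diff; without --yes it is a dry run
# (exit 2) and CURRENT is untouched. With --yes it backs CURRENT up, then replaces it.
apply_config() {
  current="$1"; proposed="$2"; confirm="${3:-}"
  [ -f "$current" ] || { echo "no existing config at $current" >&2; return 1; }
  if [ "$(cat "$current")" = "$(cat "$proposed")" ]; then
    echo "config already matches; nothing to do" >&2
    return 0
  fi
  echo "proposed change to $current:" >&2
  diff -u "$current" "$proposed" >&2 || true       # diff exits 1 whenever the files differ
  if [ "$confirm" != "--yes" ]; then
    echo "dry run; re-run with --yes to apply" >&2
    return 2
  fi
  backup="$current.bak.$(date +%Y%m%d%H%M%S)"
  cp -p "$current" "$backup"
  cp "$proposed" "$current"
  echo "applied; previous config saved as $backup" >&2
}
```

The order in a setup script would be: require_pinned on the requirement list, then `eval "$(tls_env "$SBER_CA")"` before anything talks to the API, then apply_config with the generated OpenClaw file, and each step aborts the script on failure. The point of tls_env is that a missing CA is a stop condition, not a reason to turn verification off; a proxy that handles authentication material should never send it over an unverified TLS session.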

VirusTotal

0/65 vendors flagged this skill; all 65 reported it clean. An antivirus verdict does not cover the behavioural issues listed above (disabled TLS verification, unconditional config overwrite, blind process kills), which are insecure defaults rather than malware signatures.