YandexGPT Proxy

Security checks across malware telemetry and agentic risk

Overview

This is a local proxy for using YandexGPT through OpenClaw. Its credential, network, config, and background-process behavior is disclosed in its documentation and matches what a proxy of this kind is expected to do.

Install only if you are comfortable storing a Yandex API key locally, sending selected prompts to Yandex Cloud, running a localhost proxy on port 8444, and letting the documented patch script update your OpenClaw config. Back up ~/.openclaw/openclaw.json before patching and use the stop script when the proxy is not needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill declares no explicit permissions while clearly requiring environment-variable access and shell/script execution. This is dangerous because users and automated tooling may underestimate the trust boundary and approve installation without realizing it can read secrets, write files, and launch processes.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 90%
Finding: The stated purpose focuses on being a translation proxy, but the skill also edits user configuration, creates credential files in the home directory, and manages a background process. That mismatch is risky because users may not expect persistent system changes or config mutation, which can lead to unintended exposure, broken configuration, or silent traffic redirection.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding: The documentation does not clearly warn that requests sent to the local OpenAI-compatible endpoint are forwarded onward to Yandex Cloud using the user's configured credentials. This can mislead users into sending sensitive prompts or data under the assumption the service is purely local, creating confidentiality and compliance risk.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The script unconditionally rewrites the user's OpenClaw configuration file to add a new provider entry, without prompting, backup, or dry-run behavior. Even though the intended purpose appears to be legitimate setup for the YandexGPT proxy, silently modifying a persistent user config can surprise users, overwrite expected state, and create unsafe trust in a local HTTP endpoint.

VirusTotal

65/65 vendors flagged this skill as clean.