CC Session Bridge

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Claude Code to OpenClaw/AIMA session bridge, but the copied session records should be treated as sensitive.

Install only if you intentionally want Claude Code activity copied into OpenClaw/AIMA task sessions. Avoid using it with secrets, credentials, regulated data, or confidential repositories unless that storage and AIMA visibility are approved. Use the narrowest practical --cwd and periodically review or purge the generated ~/.openclaw session files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill instructs the user to install and run a Python script that reads from the chosen working directory, writes session files under ~/.openclaw, and invokes external CLIs, yet it declares no permissions or equivalent safety notice. This creates a transparency and consent failure: operators may not realize the skill can access local files and persist or relay session contents to another platform.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation encourages pointing the bridge at an arbitrary project directory and explains that CC can read files there, but it does not clearly warn that those contents may be captured into session logs and exposed to AIMA. In this context, the skill's purpose is to convert and surface session records externally, so missing disclosure materially increases the risk of unintentionally exporting sensitive code, secrets, or internal data.

Ssd 3

Medium
Confidence
96% confidence
Finding
The script is explicitly designed to persist Claude Code session content and expose it to AIMA, which means user prompts, model responses, and related metadata are stored in plain JSONL for later collection. In a bridge/telemetry skill, this materially increases privacy and data-exposure risk because secrets, internal code, credentials, or personal data may be captured and retained beyond the original interaction.

Ssd 3

Medium
Confidence
97% confidence
Finding
The script embeds untrusted sender identity and message-context fields directly into the stored runtime context without sanitization or provenance controls. In this skill's context, that is dangerous because downstream systems or analysts may treat this metadata as authoritative, enabling spoofing, misattribution, privacy leakage, or prompt/context pollution in later processing.

Ssd 3

Medium
Confidence
98% confidence
Finding
The script writes the raw user query and runtime metadata to the session log before invoking Claude, so even failed or partial runs persist potentially sensitive content immediately. In a session-bridging skill whose purpose is cross-system collection, this makes accidental disclosure more likely because secrets are captured before any user review, filtering, or redaction step can occur.

Session Persistence

Medium
Category
Rogue Agent
Content
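```bash
# 1. Unpack the skill package into the skills directory
#    (<技能包路径> is the placeholder for the skill package path)
mkdir -p ~/.openclaw/skills
unzip -o <技能包路径>/cc-session-bridge.skill -d ~/.openclaw/skills/

# 2. Copy the scripts and configuration to the global directory
```
Confidence
88% confidence
Finding
```bash
mkdir -p ~/.openclaw/skills
unzip -o <技能包路径>/cc-session-bridge.skill -d ~/.openclaw/skills/
# 2. Copy the scripts and configuration to the global directory
mkdir -p ~/.openclaw/scripts
cp ~/.openclaw/skills/cc-session-bridge/scripts/cc-session-b
```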

VirusTotal

64/64 vendors flagged this skill as clean.