large-file-handler

Security checks across malware telemetry and agentic risk

Overview

This is a coherent large-file processing helper, but it needs careful deployment because it writes uploads to disk and uses background Python processors.

Install only if you are comfortable with uploaded files being stored in the local OpenClaw workspace and processed by background Python processes. Configure restrictive permissions, scheduled cleanup, path validation, and resource limits, and do not pass API tokens directly on a shared command line.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
97% confidence
Finding
The documentation promises that processing results will be proactively pushed to users, but later states that real push is not implemented and only a print placeholder exists. This mismatch can cause operators to assume users will be notified when they will not be, leading to silent processing failures, missed security-relevant outcomes, and unsafe operational reliance on nonexistent delivery guarantees.

Context-Inappropriate Capability

Medium
92% confidence
Finding
The asynchronous design spawns independent Python subprocesses using file-derived inputs and a handler selector, which materially expands the attack surface beyond simple streaming and deferred processing. In a file-handling skill, child-process execution is especially risky because downstream parsers for PDFs, archives, Office files, and media are common targets for sandbox escapes, unsafe invocation, and resource-exhaustion chains.
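
The pattern the finding asks for, as an added example written for this report and not code from the large-file-handler skill: a fixed allowlist of handler names mapped to argv lists (never a shell string built from the file name), a stripped environment, a wall-clock timeout, and per-child CPU, address-space and output-size caps applied between fork and exec. The handler table, limits and sample upload are assumptions made for the example; the two "handlers" are stand-ins run with the current interpreter so the block executes offline.

```python
import hashlib
import os
import resource
import subprocess
import sys
import tempfile

# Hypothetical handler table for this example. Each name maps to a fixed argv
# prefix; the untrusted file path is appended as one argument and is never
# interpolated into a shell command.
_SHA256_CHILD = (
    "import hashlib, sys\n"
    "h = hashlib.sha256()\n"
    "with open(sys.argv[1], 'rb') as f:\n"
    "    for block in iter(lambda: f.read(1 << 20), b''):\n"
    "        h.update(block)\n"
    "print(h.hexdigest())\n"
)
HANDLERS = {
    "sha256": [sys.executable, "-c", _SHA256_CHILD],
    "size": [sys.executable, "-c", "import os, sys; print(os.path.getsize(sys.argv[1]))"],
}

def _cap(res, limit):
    """Lower a resource limit to `limit`, never above the current hard limit."""
    _soft, hard = resource.getrlimit(res)
    if hard != resource.RLIM_INFINITY:
        limit = min(limit, hard)
    resource.setrlimit(res, (limit, limit))

def _limit_child():
    # Runs in the child between fork and exec: a hostile PDF or archive can
    # burn at most 10 s of CPU, 1 GiB of address space and 64 MiB of output.
    _cap(resource.RLIMIT_CPU, 10)
    _cap(resource.RLIMIT_AS, 1 << 30)
    _cap(resource.RLIMIT_FSIZE, 64 << 20)

def run_handler(handler, path, timeout=30):
    """Run an allowlisted handler on `path` with a minimal environment."""
    if handler not in HANDLERS:
        raise ValueError(f"unknown handler {handler!r}")
    argv = [*HANDLERS[handler], path]
    env = {"PATH": "/usr/bin:/bin", "LANG": "C.UTF-8"}
    return subprocess.run(
        argv, env=env, shell=False, stdin=subprocess.DEVNULL,
        capture_output=True, text=True, timeout=timeout,
        preexec_fn=_limit_child, close_fds=True,
    )

SAMPLE = b"constructed sample upload\n" * 4096  # constructed, not real user data

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "upload.bin")
        with open(path, "wb") as f:
            f.write(SAMPLE)
        child = run_handler("sha256", path)
        try:
            run_handler("sha256; rm -rf /", path)  # not in the allowlist
            rejected = False
        except ValueError:
            rejected = True
        return {
            "child_sha256": child.stdout.strip(),
            "local_sha256": hashlib.sha256(SAMPLE).hexdigest(),
            "returncode": child.returncode,
            "rejected_unknown_handler": rejected,
        }

if __name__ == "__main__":
    print(demo())
```

The allowlist is what turns a "handler selector" from an injection point into a lookup: anything not in the table fails before a process exists. The rlimits are a floor, not a sandbox; for real parsers this should sit inside a container or seccomp profile as well.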

Missing User Warnings

Medium
90% confidence
Finding
The guide documents persistent filesystem storage of uploaded files and retention in pending/processing/completed directories, but does not provide adequate warning about data retention, local disk writes, or handling of potentially sensitive user content. In a file-handling skill, this omission is security-relevant because integrators may deploy it without consent notices, retention controls, access restrictions, or cleanup guarantees, increasing the risk of privacy breaches and unauthorized data exposure.

Missing User Warnings

Medium
92% confidence
Finding
The document instructs users to paste an API token directly into a shell command without any warning about secret handling. This can expose credentials through shell history, process listings, screen recordings, shared terminals, or copied logs, which could allow unauthorized access to the user's ClawHub account.
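
An added example, not part of the skill or the ClawHub CLI, of how a script can accept a token without ever taking it as a command-line value: a literal `--token` is refused, a `--token-file` is accepted only if it is a regular file with no group/other permission bits, and an environment variable is the fallback. The flag name `--token-file`, the variable `CLAWHUB_TOKEN` and the sample token are assumptions made for this example.

```python
import os
import stat
import tempfile

class TokenError(Exception):
    """Raised when no token can be loaded safely."""

# Hypothetical names for this example, not ClawHub's actual CLI or variables.
TOKEN_FILE_FLAG = "--token-file"
TOKEN_ENV = "CLAWHUB_TOKEN"

def load_token(argv, environ):
    """Resolve an API token without accepting it as a command-line value.

    argv is visible to every local user via `ps`, lands in shell history and
    gets copied into logs, so a literal --token is refused. The token is read
    from the file named by --token-file (regular file, mode 0600 or tighter)
    or, failing that, from the environment.
    """
    for arg in argv:
        if arg == "--token" or arg.startswith("--token="):
            raise TokenError(f"refusing token on the command line; use {TOKEN_FILE_FLAG} or ${TOKEN_ENV}")
    path = None
    for i, arg in enumerate(argv):
        if arg == TOKEN_FILE_FLAG and i + 1 < len(argv):
            path = argv[i + 1]
        elif arg.startswith(TOKEN_FILE_FLAG + "="):
            path = arg.split("=", 1)[1]
    if path is not None:
        st = os.stat(path)
        if not stat.S_ISREG(st.st_mode):
            raise TokenError(f"{path} is not a regular file")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise TokenError(f"{path} is accessible to other users; chmod 600 it first")
        with open(path, encoding="utf-8") as f:
            token = f.read().strip()
    else:
        token = environ.get(TOKEN_ENV, "").strip()
    if not token:
        raise TokenError("no token supplied")
    return token

SECRET = "clawhub-example-token-not-real"  # constructed value for the demo

def _attempt(argv, environ):
    try:
        return load_token(argv, environ)
    except TokenError as exc:
        return f"rejected: {exc}"

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "token")
        with open(path, "w", encoding="utf-8") as f:
            f.write(SECRET + "\n")
        os.chmod(path, 0o644)
        world_readable = _attempt(["--token-file", path], {})
        os.chmod(path, 0o600)
        from_file = _attempt([f"--token-file={path}"], {})
        return {
            "argv_literal": _attempt(["--token", SECRET], {}),
            "world_readable_file": world_readable,
            "from_file": from_file,
            "from_env": _attempt([], {TOKEN_ENV: SECRET}),
            "missing": _attempt([], {}),
        }

if __name__ == "__main__":
    print(demo())
```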

Missing User Warnings

Medium
84% confidence
Finding
The script unconditionally moves the supplied file into a completed directory and deletes a derived lock file path without validating that the target path is within an expected workspace or is owned by this process. If an attacker can influence `--file`, they may cause unintended file relocation or deletion of arbitrary `.lock` files, especially when symlinks or crafted paths are involved.
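
The missing checks, as an added example that is not the skill's own code: every path derived from `--file` is canonicalised and required to stay under the workspace, a symlink in the final component is refused outright, and the lock file is deleted only if it is a regular file owned by the current user and records this process's PID. The `processing/` and `completed/` layout and the `<name>.lock` derivation are assumptions made for the example.

```python
import os
import stat
import tempfile

class UnsafePath(Exception):
    """Raised when a path escapes the workspace or is not the kind of file expected."""

def resolve_within(workspace, candidate):
    """Return the canonical path of `candidate` if it lies inside `workspace`."""
    ws = os.path.realpath(workspace)
    if not os.path.isabs(candidate):
        candidate = os.path.join(ws, candidate)
    # A symlink in the final component is refused outright; symlinked parent
    # directories are followed by realpath and caught by the prefix check.
    if os.path.islink(candidate):
        raise UnsafePath(f"refusing symlink: {candidate}")
    real = os.path.realpath(candidate)
    if os.path.commonpath([ws, real]) != ws:
        raise UnsafePath(f"{candidate} resolves outside {ws}")
    return real

def complete_job(workspace, file_arg):
    """Move a processed file to completed/ and clear only a lock this process owns."""
    src = resolve_within(workspace, file_arg)
    if not os.path.isfile(src):
        raise UnsafePath(f"not a regular file: {src}")
    # The lock path is derived from the file name (assumed layout); validate it
    # on its own instead of trusting the derivation to stay in the workspace.
    lock = resolve_within(workspace, os.path.join("processing", os.path.basename(src) + ".lock"))
    st = os.lstat(lock)
    if not stat.S_ISREG(st.st_mode) or st.st_uid != os.getuid():
        raise UnsafePath(f"{lock} is not a regular file owned by this user")
    with open(lock, encoding="utf-8") as f:
        if f.read().strip() != str(os.getpid()):
            raise UnsafePath(f"{lock} was not taken by this process")
    done_dir = os.path.join(os.path.realpath(workspace), "completed")
    os.makedirs(done_dir, mode=0o700, exist_ok=True)
    dst = os.path.join(done_dir, os.path.basename(src))
    os.rename(src, dst)  # same filesystem: atomic, nothing half-copied
    os.unlink(lock)
    return dst

def _raises(fn, *args):
    try:
        fn(*args)
    except UnsafePath:
        return True
    return False

def demo():
    with tempfile.TemporaryDirectory() as ws, tempfile.TemporaryDirectory() as outside:
        proc = os.path.join(ws, "processing")
        os.makedirs(proc, mode=0o700)
        good = os.path.join(proc, "upload.bin")
        with open(good, "wb") as f:
            f.write(b"constructed sample upload\n")
        with open(good + ".lock", "w", encoding="utf-8") as f:
            f.write(str(os.getpid()))
        # A lock recorded by another pid must not be deleted by us (pid 0 is never ours).
        foreign = os.path.join(proc, "foreign.bin")
        open(foreign, "wb").close()
        with open(foreign + ".lock", "w", encoding="utf-8") as f:
            f.write("0")
        # A symlink inside the workspace pointing at a file outside it.
        target = os.path.join(outside, "secret.txt")
        open(target, "w").close()
        os.symlink(target, os.path.join(proc, "link.bin"))
        dst = complete_job(ws, "processing/upload.bin")
        return {
            "moved": os.path.isfile(dst) and not os.path.exists(good) and not os.path.exists(good + ".lock"),
            "traversal_rejected": _raises(complete_job, ws, "processing/../../../../etc/passwd"),
            "absolute_rejected": _raises(complete_job, ws, "/etc/passwd"),
            "symlink_rejected": _raises(complete_job, ws, "processing/link.bin"),
            "foreign_lock_rejected": _raises(complete_job, ws, "processing/foreign.bin"),
        }

if __name__ == "__main__":
    print(demo())
```

`os.unlink` on a symlink removes the link rather than its target, so the realistic damage from an unchecked `.lock` path is traversal (deleting `../../other/job.lock`) and relocation of files the process never staged; the containment check and the PID match close both.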

Missing User Warnings

Medium
79% confidence
Finding
The code copies user-supplied files into a persistent workspace staging area before processing, which can expose sensitive data at rest and expand the blast radius if the workspace is accessible to other skills, users, or operators. In a file-handling skill this behavior is expected operationally, but it is still risky because there is no evidence here of isolation, access control, retention limits, or user-facing disclosure.
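
The retention, permission and isolation controls that both storage findings above say are absent, as an added example written for this report rather than code from the skill: stage directories created as 0700, uploads written as fresh 0600 files that refuse to overwrite or follow a planted symlink, and a purge that removes files past a retention window. The `pending`/`processing`/`completed` names come from the finding; the window length and sample upload are assumptions.

```python
import os
import shutil
import stat
import tempfile
import time

STAGES = ("pending", "processing", "completed")

def init_workspace(workspace):
    """Create the staging tree with owner-only directories.

    makedirs applies the umask and leaves pre-existing directories untouched,
    so the mode is forced explicitly afterwards.
    """
    for stage in STAGES:
        d = os.path.join(workspace, stage)
        os.makedirs(d, mode=0o700, exist_ok=True)
        os.chmod(d, 0o700)

def stage_upload(workspace, src, name):
    """Copy an upload into pending/ as a new 0600 file.

    O_EXCL refuses to clobber an existing file and O_NOFOLLOW refuses to write
    through a symlink planted under the expected name; copying in 1 MiB chunks
    keeps memory flat however large the upload is.
    """
    dst = os.path.join(workspace, "pending", os.path.basename(name))
    fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o600)
    with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
        shutil.copyfileobj(inp, out, 1 << 20)
    return dst

def purge_expired(workspace, max_age_seconds, now=None):
    """Delete regular files older than the retention window from every stage.

    Symlinks and directories are skipped; returns the paths that were removed.
    """
    now = time.time() if now is None else now
    removed = []
    for stage in STAGES:
        for entry in os.scandir(os.path.join(workspace, stage)):
            st = entry.stat(follow_symlinks=False)
            if stat.S_ISREG(st.st_mode) and now - st.st_mtime > max_age_seconds:
                os.unlink(entry.path)
                removed.append(entry.path)
    return removed

def _mode(path):
    return stat.S_IMODE(os.lstat(path).st_mode)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        ws = os.path.join(tmp, "workspace")
        init_workspace(ws)
        src = os.path.join(tmp, "incoming.bin")
        with open(src, "wb") as f:
            f.write(b"constructed sample upload\n" * 1024)  # constructed, not user data
        old = stage_upload(ws, src, "old-report.bin")
        fresh = stage_upload(ws, src, "fresh-report.bin")
        # Age one file by two days; a one-day window must remove only that one.
        two_days_ago = time.time() - 2 * 86400
        os.utime(old, (two_days_ago, two_days_ago))
        removed = purge_expired(ws, max_age_seconds=86400)
        try:
            stage_upload(ws, src, "fresh-report.bin")
            clobbered = True
        except FileExistsError:
            clobbered = False
        return {
            "dir_mode": oct(_mode(os.path.join(ws, "pending"))),
            "file_mode": oct(_mode(fresh)),
            "removed": [os.path.basename(p) for p in removed],
            "fresh_kept": os.path.exists(fresh),
            "overwrite_refused": not clobbered,
        }

if __name__ == "__main__":
    print(demo())
```

Run `purge_expired` from a scheduled job, not only at process exit: a crashed or killed processor is exactly the case in which files would otherwise sit in `processing/` indefinitely.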

VirusTotal

66/66 vendors flagged this skill as clean.
