Video Chat With Me

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real video-chat skill, but it installs an always-on network service that handles microphone, camera, API keys, and OpenClaw agent access with weak scoping.

Install only if you are comfortable with a persistent local video-chat server reachable from your network, cloud processing of voice and possibly camera frames, and the skill using your OpenClaw gateway token. Prefer manual startup, restrict it to trusted networks, remove or unload the LaunchAgent when not needed, harden or avoid plaintext API-key storage, and periodically clear the temp media directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (16)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill clearly instructs the agent to perform sensitive operations including reading secrets/config files, writing secret material, making network requests, and executing shell scripts, yet it does not declare corresponding permissions. This weakens user awareness and consent, making it easier for an agent to perform impactful actions without transparent permission gating.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script creates and auto-loads a user launchd agent that persistently runs the video chat server at login. Even though the skill metadata mentions an optional persistent launchd service, this setup script installs it by default without a clear opt-in gate, which expands the skill's runtime footprint and creates ongoing exposure if the local service is later abused or misconfigured.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases include broad everyday language such as 'call me' and generic voice/video phrases, which can cause accidental activation in unrelated conversations. Because activation can lead to running setup scripts, starting services, and exposing a local web endpoint, unintended invocation has meaningful security and privacy consequences.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill directs automatic setup and call initiation that may install a persistent launchd service, create SSL materials, read and store API keys, and expose an HTTPS service reachable over local or Tailscale networks. These actions affect system persistence, network exposure, and the transmission of audio/video to third parties, but the instructions do not require a clear user warning or explicit informed consent at the time of execution.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The page records microphone input and sends it to /api/chat, but the UI does not provide a clear, explicit notice at the point of capture that audio will be uploaded and processed remotely. In this skill's context, that is materially risky because the metadata states speech is sent to Groq cloud STT and then through the OpenClaw gateway to an LLM provider, so users may disclose sensitive spoken data without informed consent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
A captured camera frame is appended to the request and sent to /api/chat whenever the camera is enabled, without an explicit warning at send time that images leave the browser. This is more dangerous in this skill than in a purely local app because the metadata says frames go through the OpenClaw gateway and may be forwarded to a cloud LLM provider, creating significant privacy exposure for faces, surroundings, documents, or other visual secrets.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The endpoint accepts microphone audio and optional camera images, then forwards them to Groq, the local OpenClaw gateway, and potentially a cloud LLM provider, but this file does not implement any consent check or user-facing disclosure at the point of collection. Because the skill handles highly sensitive biometric and visual data, silent transmission materially increases privacy and compliance risk.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
When the user pastes a Groq API key, the script writes it to ~/.openclaw/secrets/groq_api_key.txt without clearly warning that the credential will be stored persistently on disk. Persisted secrets increase the chance of later disclosure through weak file permissions, backups, local compromise, or other software reading the same path.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script automatically installs Python packages at runtime and then immediately launches the server, modifying the host environment without explicit user confirmation or a clear warning. This creates supply-chain and system-integrity risk, especially because pip installs occur from network sources and may use --break-system-packages, which can alter system-managed Python environments.

Session Persistence

Medium
Category
Rogue Agent
Content
    echo "   ⚠️  Groq API key not found."
    read -p "   Paste your Groq API key (or Enter to skip): " INPUT_KEY
    if [ -n "$INPUT_KEY" ]; then
      mkdir -p "$HOME/.openclaw/secrets"
      echo "$INPUT_KEY" > "$HOME/.openclaw/secrets/groq_api_key.txt"
      echo "   ✅ Saved"
    fi
Confidence
90% confidence
Finding
      mkdir -p "$HOME/.openclaw/secrets"
      echo "$INPUT_KEY" > "$HOME/.openclaw/secrets/groq_api_key.txt"
      echo "   ✅ Saved"
    fi
  fi
else
  echo "   ✅ Found"
fi

# 4. Check chatCompletions
echo

Session Persistence

Medium
Category
Rogue Agent
Content
done
fi

PLIST="$HOME/Library/LaunchAgents/${PLIST_LABEL}.plist"
launchctl stop "$PLIST_LABEL" 2>/dev/null || true
launchctl unload "$PLIST" 2>/dev/null || true
Confidence
93% confidence
Finding
PLIST

Session Persistence

Medium
Category
Rogue Agent
Content
done
fi

PLIST="$HOME/Library/LaunchAgents/${PLIST_LABEL}.plist"
launchctl stop "$PLIST_LABEL" 2>/dev/null || true
launchctl unload "$PLIST" 2>/dev/null || true
Confidence
93% confidence
Finding
plist

Session Persistence

Medium
Category
Rogue Agent
Content
fi

PLIST="$HOME/Library/LaunchAgents/${PLIST_LABEL}.plist"
launchctl stop "$PLIST_LABEL" 2>/dev/null || true
launchctl unload "$PLIST" 2>/dev/null || true

cat > "$PLIST" << PLISTEOF
Confidence
97% confidence
Finding
PLIST

Session Persistence

Medium
Category
Rogue Agent
Content
</plist>
ENDEOF

launchctl load "$PLIST"
sleep 3

# 8. Verify
Confidence
98% confidence
Finding
launchctl load

Session Persistence

Medium
Category
Rogue Agent
Content
</plist>
ENDEOF

launchctl load "$PLIST"
sleep 3

# 8. Verify
Confidence
98% confidence
Finding
PLIST

VirusTotal

66/66 vendors flagged this skill as clean.
