Telnyx Rag

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it uploads potentially sensitive workspace memory to Telnyx and its setup script can execute commands from a local .env file.

Install only if you are comfortable sending the configured workspace files and queries to Telnyx for storage, embedding, search, and LLM inference. Before use, narrow config.json patterns, add exclusions for secrets and private data, choose a non-predictable bucket name, avoid automated --prune until tested, and prefer exporting TELNYX_API_KEY in the environment instead of relying on an untrusted .env file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (10)

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding
The introductory description emphasizes semantic search and Q&A but does not plainly warn that workspace files are uploaded to Telnyx cloud storage and then processed for embeddings and inference. Users may reasonably treat this as a local indexing tool and unintentionally send sensitive workspace content to a third party.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The automated sync examples encourage cron/heartbeat execution of sync and prune operations without warning that changed local files may be repeatedly uploaded and deleted remote files may be pruned automatically. In practice, this can create continuous background data exfiltration and unintended remote data loss.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The CLI sends the user's query to Telnyx for similarity search and later sends both the query and retrieved document chunks to the chat completion API, but the user-facing interface does not clearly warn that potentially sensitive workspace content will be transmitted to an external provider. In a RAG tool over memory, knowledge, and skills, this increases the chance of accidental disclosure of confidential internal data.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The script sends the user's search query and selected bucket name to Telnyx's external similarity-search API. In a memory/RAG skill, queries often contain sensitive workspace context, names, or internal project details, and the code provides no explicit disclosure, consent prompt, or redaction before transmission.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding
The script executes `source "$SCRIPT_DIR/.env"`, which treats the `.env` file as shell code rather than parsing it as data. If an attacker can modify that file, arbitrary commands will run during setup, and because this installer also handles API credentials and subsequent network operations, the execution context is sensitive.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The script uploads workspace files and can trigger embeddings on their contents, but it provides no explicit privacy warning, consent gate, or allowlist confirmation before transmitting potentially sensitive local data to remote Telnyx services. In a memory/RAG skill, the synced files may include notes, knowledge bases, agent instructions, and other confidential workspace material, making accidental data disclosure materially likely.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
The prune operation deletes remote objects based on local state and bucket listings without a confirmation prompt or protective dry-run by default. If the state file is stale, corrupted, or the configuration points to the wrong bucket/workspace, legitimate remote data could be removed unexpectedly.

Ssd 3

Severity: Medium
Confidence: 90%
Finding
The skill encourages indexing MEMORY.md, memory files, knowledge stores, and asks example queries about preferences and communication details, but it provides no natural-language guidance to exclude secrets, credentials, regulated data, or highly personal content. Because the tool is specifically designed to upload and retrieve this material through cloud services, the lack of sensitivity boundaries materially raises privacy and confidentiality risk.

Ssd 3

Severity: Medium
Confidence: 91%
Finding
The recommended bucket naming scheme uses predictable, discoverable names like openclaw-main and openclaw-{agent-id}, making agent memory locations easier to enumerate or guess. Even if access controls still apply, predictable storage identifiers reduce obscurity and can aid targeted probing, misconfiguration discovery, and accidental cross-agent access mistakes.

External Transmission

Severity: Medium
Category: Data Exfiltration
Content
    # Use provided bucket or fall back to config
    bucket = bucket_name or config["bucket"]

    url = "https://api.telnyx.com/v2/ai/embeddings/similarity-search"

    payload = json.dumps({
        "bucket_name": bucket,
Confidence: 91%
Finding
https://api.telnyx.com/

VirusTotal

66/66 vendors flagged this skill as clean.
