ClawHub

OpenClaw BaseCred SDK

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed reputation lookup tool that uses named external providers and optional API keys, with no evidence of hidden, destructive, or purpose-mismatched behavior.

Install only if you are comfortable with queried wallet addresses being sent to Ethos, Talent Protocol, and Neynar/Farcaster as applicable, and with the skill reading optional provider keys from ~/.openclaw/.env. Use the lockfile or verify dependency versions before upgrading, and rotate Talent or Neynar keys if you suspect prior exposure.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill unconditionally loads environment variables from a fixed file in the user's home directory (~/.openclaw/.env), giving it access to credentials outside the explicit function inputs. That behavior expands the skill's privileges beyond a simple reputation lookup wrapper and can silently pull secrets into execution context, which is risky in an agent setting where users may not expect filesystem secret access.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The script prints a blanket success summary and states that all isolation/security guarantees were verified even when Test 5 explicitly allows failure and only emits a warning. This can mislead operators into trusting the skill's safety and readiness despite an incomplete or failed validation, increasing the chance of deploying unverified code.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is explicitly designed to query third-party reputation providers using a wallet address, but the user-facing description does not clearly warn that submitted addresses will be sent to external services. This creates a privacy and consent issue because wallet addresses can be sensitive identifiers and may be correlated across platforms or logged by providers.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The code loads TALENT_API_KEY and NEYNAR_API_KEY from a local .env file and then uses them to authenticate outbound requests to third-party services without any user-facing disclosure at the point of use. In a skill ecosystem, this can cause silent external transmission of requests under the user's credentials, creating consent, privacy, and secret-handling concerns even if the keys are not directly printed or exfiltrated.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal