security plugins

Security checks across malware telemetry and agentic risk

Overview

The skill appears to install and configure the promised security plugin, but it also persistently logs authentication responses that may contain API credentials and restarts the OpenClaw gateway automatically.

Review before installing on shared, production, or sensitive machines. The plugin install and cloud login flow are coherent, but the installer may leave API credentials or account identifiers in .state/poll_login.log and will restart the OpenClaw gateway after authorization. Prefer running it in an environment where local logs are protected, then delete or secure the .state logs after setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence
94%
Finding
The skill does substantially more than local plugin installation: it generates a remote login token, polls a vendor cloud service for identity material, persists that state locally, and uses the returned values to configure the plugin. Those network-driven behaviors introduce data disclosure, remote dependency, and trust-boundary expansion that are not clearly conveyed by the manifest, making the skill riskier than a simple installer.

Context-Inappropriate Capability

Low
Confidence
89%
Finding
The script creates a persistent poll_login.log file and redirects a detached background process's stdout/stderr into it, including operational status and API response data. Persistent logging of authentication workflow details can expose sensitive metadata to other local users or to later compromise, especially when no retention or access controls are documented.

Description-Behavior Mismatch

Medium
Confidence
91%
Finding
After successful remote login, the script unconditionally executes 'openclaw gateway restart', which is an operationally disruptive side effect not described in the skill purpose. Restarting a gateway can interrupt active workloads or trigger unintended service changes, so doing so without explicit disclosure and confirmation is unsafe.

Missing User Warnings

Medium
Confidence
96%
Finding
The polling code logs the full API response content from GetLoginTokenIdentity, and that response may contain ApiKey, AppId, AccountId, or other sensitive identity data. Writing those values to console and persistent log files can leak credentials or tenant metadata to local observers, log collectors, or future attackers.

Missing User Warnings

Low
Confidence
84%
Finding
The script stores a generated device identifier hash and login state JSON under a local .state directory without clear user notice. Although some persistence may be functionally necessary, silently creating tracking and authentication state can expose privacy-sensitive metadata and surprise users about what the installer retains.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.