Openclaw Cnc Core

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate CNC quoting skill, but it deserves user review because sensitive CAD/order data can leave the local machine and one module loads executable code from a local workspace path without clear disclosure.

Install only after reviewing the data flows. Avoid uploading proprietary CAD files to the public HTTP demo unless authorized, prefer local/Ollama mode for sensitive work, provide a Feishu webhook only if customer/order snippets may be sent there, and review or remove the ~/.openclaw/workspace/data data_layer import behavior before production use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The approval flow fetches `order_id, corrected_surface_type` from `review_tasks` and then stores the second value as `original_surface_type` in `review_history`. This corrupts audit data by recording the wrong field, defeating the stated purpose of preserving the original classification before human correction. In a risk-control workflow, bad audit history can mislead retraining, compliance review, and incident investigation.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README encourages users to upload STEP/STL CAD files to a publicly hosted demo but does not warn that design files may contain proprietary geometry, manufacturing tolerances, and other sensitive intellectual property. Even if the server has rate limiting and basic web protections, those controls do not address confidentiality, retention, third-party access, or how uploaded files are handled, which creates a real privacy and data-exposure risk.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code sends raw query text to an external embeddings endpoint, which can expose potentially sensitive business or user data to a third-party service without any consent gate, minimization, or documented restriction in this component. In a retrieval skill, query fields may contain proprietary manufacturing details, making this a real data leakage/privacy risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The notifier sends order identifiers, customer information, material details, and raw-text snippets to an external Feishu webhook. Even though the text is truncated, it may still contain sensitive business or personal information, and this code path provides no minimization, redaction enforcement, consent, or destination validation. In a quoting system, outbound disclosure to third-party messaging infrastructure increases privacy and data-governance risk.

External Script Fetching

High
Category
Supply Chain
Content
```bash
# Install Ollama
curl -fsSL https://ollama.com/install.sh | sh

# Pull the model
ollama pull qwen2.5:0.5b  # small model, fast
```
Confidence
95% confidence
Finding
curl -fsSL https://ollama.com/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# Install Ollama
curl -fsSL https://ollama.com/install.sh | sh

# Pull the model
ollama pull qwen2.5:0.5b  # small model, fast
```
Confidence
97% confidence
Finding
| sh

VirusTotal

66/66 vendors flagged this skill as clean.