openclaw's digital card

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenClaw profile-card generator that reads sensitive local profile and memory notes, but the behavior is purpose-aligned and not hidden.

Install only if you are comfortable with this skill reading your OpenClaw profile and memory files and using excerpts to draft a shareable card. Review or redact USER.md, IDENTITY.md, and MEMORY.md before use, prefer a local model for sensitive notes, preview the generated HTML before sharing/exporting, and use the default background or a trusted local background path rather than untrusted background input.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

Medium (92% confidence)
Finding
The script does more than aggregate local configuration and usage statistics: it also reads USER.md, IDENTITY.md, MEMORY.md, and memory bullets/excerpts, then packages them into copy_inputs for downstream generation. That creates a privacy-sensitive data exposure path because personal notes and memory content can be forwarded to later components or models despite the skill description emphasizing read-only profile generation.

Intent-Code Divergence

Low (88% confidence)
Finding
The background image value is inserted into HTML/CSS without context-appropriate escaping or validation, while accepting arbitrary URLs or local paths. An attacker controlling this value could break out of the intended CSS url() context depending on template structure, trigger loading of attacker-controlled remote resources, or reference unexpected local files, which is more concerning because the script produces HTML intended for later rendering in a browser or renderer.

Missing User Warnings

Medium (91% confidence)
Finding
The script emits excerpts from personal profile and memory files without any visible consent gate, warning, or sensitivity classification. In this skill context, that is more dangerous because the extracted text is explicitly packaged as AI-generation input, increasing the chance that sensitive personal content is surfaced in generated output or sent to other processing stages.

Ssd 3

Medium (94% confidence)
Finding
Packaging user/profile/memory text into copy_inputs creates a natural-language leak channel: even if no direct network exfiltration occurs here, downstream rendering or model prompts can disclose private memories, identity details, or notes. The skill context makes this materially risky because a personal-card generator is likely to display or export polished summaries, which can inadvertently reveal sensitive source material.

VirusTotal

66/66 vendors flagged this skill as clean.
