Cross Platform Messenger Claw

Security checks across malware telemetry and agentic risk

Overview

This is a real messaging helper, but its bulk-send script can accidentally turn message or recipient text into local shell commands.

Review before installing. Prefer direct OpenClaw message commands or dry-run mode, avoid scripts/notify.sh with untrusted message text, media paths, or target lists until eval is removed, and confirm exact recipients, channels, content, and any scheduled jobs before allowing live sends.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

High
Confidence: 98%
Finding
The script builds a shell command string from user-controlled inputs such as --target, --message, and --media, then executes it with eval. Because eval re-parses shell metacharacters, an attacker can inject arbitrary commands and achieve code execution on the host running the script, which is far beyond the intended messaging functionality. In this skill context, the danger is elevated because the script is specifically designed to forward externally supplied content across channels, so attacker-controlled input is expected and common.

Vague Triggers

Medium
Confidence: 90%
Finding
The skill’s trigger description is broad enough to match ordinary user requests about messaging or notifications, which can cause the agent to invoke this skill in situations where the user did not explicitly consent to using an external messaging integration. In this context, that is risky because the skill can transmit message bodies and recipient identifiers to third-party platforms, increasing the chance of unintended data disclosure or misdelivery.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill describes commands that send messages and attachments to external communication platforms but does not clearly warn that message content, recipient identifiers, and media may leave the local environment. This omission is dangerous because users may provide sensitive alerts, reports, or personal contact details without realizing they will be transmitted to third-party services.

VirusTotal

65/65 vendors flagged this skill as clean.