
Security audit

UniGateway

Security checks across malware telemetry and agentic risk

Overview

This is a coherent UniGateway LLM provider plugin; the main risks are ordinary API-key handling and broad dynamic model access, not hidden or malicious behavior.

Before installing, confirm you trust UniGateway to receive prompts and model traffic. Prefer setting UNIGATEWAY_API_KEY through the environment or OpenClaw's secret prompt instead of putting the raw key directly on the command line. Monitor which UniGateway models are used, because dynamic model discovery may expose models with different cost or policy characteristics.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The code explicitly preserves an empty `agents.defaults.models` map and passes an empty runtime catalog so that no allowlist is enforced, allowing the agent to switch to any model returned by runtime discovery. This weakens model-selection restrictions and can expose the agent to unauthorized, higher-cost, less-trusted, or policy-incompatible models if `/model` switching is available.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README explicitly instructs users to pass the UniGateway API key as a command-line argument to `openclaw onboard`. Supplying secrets on the command line can expose them through shell history, process listings, audit logs, or CI job output, so the documentation encourages an unsafe secret-handling pattern even if the software itself is not malicious.

VirusTotal

60/60 vendors flagged this plugin as clean.
