Security Dashboard

Security checks across malware telemetry and agentic risk

Overview

The dashboard appears purpose-built for local security monitoring, but it needs review because it installs a persistent service with broad passwordless sudo inspection rights and exposes detailed host-security data through an unauthenticated local API.

Install only on a server where you are comfortable adding a boot-starting localhost dashboard and granting a service account passwordless sudo for host inspection. Review /etc/sudoers.d/openclaw-dashboard before enabling it, keep the service bound to 127.0.0.1 or a trusted tunnel, avoid the root mode, and treat the API output as sensitive security information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Description-Behavior Mismatch

Medium
Confidence: 97%
Finding
The installer creates a passwordless sudoers rule for a monitoring dashboard and permits broad wildcard access to privileged commands such as `systemctl status *`, `journalctl *`, `ss *`, and `tailscale status *`. Even if intended for read-only monitoring, wildcarded privileged command execution significantly expands the blast radius if the dashboard process is compromised, and some allowed commands can expose sensitive system, service, and network information far beyond the dashboard's stated scope.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The installer explicitly offers to run the dashboard service as `root`, which is unnecessary for a monitoring web service and violates least-privilege principles. If the Node.js dashboard or any dependency is compromised, running as root would grant immediate full-system control.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The script describes the sudo access as 'limited privileges,' but the actual sudoers rule includes multiple wildcarded commands with broad inspection reach. This mismatch can mislead operators into approving elevated access without understanding the true privilege level, increasing the risk of unsafe deployment.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The API returns detailed OpenClaw security configuration such as gateway bind mode, auth mode, token length, session counts, and version state. Even though the server listens on localhost, any local user, browser extension, SSRF-capable local app, or forwarded access can query this endpoint and use the data for reconnaissance against the host and OpenClaw deployment.

Intent-Code Divergence

Medium
Confidence: 86%
Finding
The helper comment claims commands are executed safely, but it wraps `child_process.execSync`, which invokes a shell and would be dangerous if any command input ever became attacker-controlled. In this file the current commands are hardcoded, so there is no immediate injection path, but the abstraction is misleading and creates a latent command-injection risk for future maintenance.

Missing User Warnings

Medium
Confidence: 89%
Finding
The uninstall instructions include irreversible deletion commands without a prominent warning about destructive effects or potential loss of local modifications. While the target path is specific rather than arbitrary, users could still accidentally remove customized files or data stored under the skill directory. This is a safety issue rather than an exploit primitive, but it can cause operational damage.

Missing User Warnings

Medium
Confidence: 98%
Finding
The installer writes a passwordless sudoers file without a dedicated warning or confirmation step explaining that it is granting persistent elevated privileges to the dashboard user. This creates a transparency and consent problem and can lead administrators to unknowingly deploy a service with much greater privilege than expected.

Missing User Warnings

Medium
Confidence: 95%
Finding
The /api/security endpoint exposes a broad set of sensitive host-security details, including open ports, firewall state, SSH hardening status, failed logins, resource usage, service exposure, and OpenClaw configuration-derived metadata, with no authentication or warning. This materially aids reconnaissance and attack planning if any local or tunneled access is obtained, and the dashboard's security-monitoring context makes the data especially valuable to an attacker.

VirusTotal

59/59 vendors flagged this skill as clean.
