Yinian Zwds

Security checks across malware telemetry and agentic risk

Overview

This astrology skill is mostly purpose-aligned, but it automatically uses local API credentials and can send birth details to DeepSeek without clear user-facing consent or disclosure.

Install only if you are comfortable with birth information and generated chart details being sent to a remote LLM provider when AI readings are used. Use a dedicated DeepSeek key rather than a broad shared key, avoid exposing the FastAPI server publicly without tightening CORS and removing prompt fields, and prefer local chart-only commands if you do not want external transmission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 92%
Finding
The skill reads API credentials from both environment variables and a local OpenClaw config file, which expands its access to secrets beyond what an astrology skill needs to do locally. Even though the code appears to use the keys for LLM access rather than exfiltrate arbitrary secrets, reaching into unrelated local config increases secret exposure risk and violates least-privilege expectations.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The code sends prompts and user data to a third-party LLM endpoint, but the skill description presents it as an astrology charting/interpretation system without clear disclosure of external model usage. This creates a transparency and privacy problem because users may assume analysis is local while their data is actually transmitted off-device.

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The API exposes internal `ai_prompt` and `system_prompt` values to any caller, even though the service is presented as a chart-reading endpoint. This leaks hidden prompt engineering, internal instructions, and possibly implementation details that can help attackers reverse-engineer behavior, craft prompt-injection attacks against downstream model use, or extract proprietary logic.

Missing User Warnings

Medium
Confidence: 97%
Finding
The request payload transmits birth-related and derived chart data to an external LLM service without an explicit warning or consent check at the point of transmission. Birth date, hour, gender, and generated astrological profile are sensitive personal data, so sending them to a remote provider can create privacy, retention, and profiling risks.

VirusTotal

64/64 vendors flagged this skill as clean.
